To: [email protected]
Subject: [ MDVSA-2009:132 ] libsndfile
Date: Sun, 07 Jun 2009 18:24:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MDLA9-0007Nf-GT@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:132
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libsndfile
Date : June 7, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities have been found and corrected in libsndfile:

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).

This update provides fixes for these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
701da939ef75bb44c6a88091991405f9 2008.1/i586/libsndfile1-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
ece4f97fbe7d228e6a68ec2fcfc962a7 2008.1/i586/libsndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
e53e91c170e4e7533939e991bd7e6986 2008.1/i586/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
99d764b015825c5773e522e244deeecc 2008.1/i586/libsndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
516da728e6ec820abe69840d20e81132 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
6442e6ffb57e298b00ec31bcedb942c6 2008.1/x86_64/lib64sndfile1-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
333380f9a0efa811dc8596bacf924454 2008.1/x86_64/lib64sndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
0124fa53ba30401ea0c3226efe64f6c0 2008.1/x86_64/lib64sndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
0ff17e4b621107b779c6e1bc13d22d1a 2008.1/x86_64/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
516da728e6ec820abe69840d20e81132 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
3a2368ee951b221c5d69c2c6b7d6a48c 2009.0/i586/libsndfile1-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
0f12874d6a5fde2f1af5c1df0d6a1c16 2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
98213ebaed97f0a2e6d49e79fe5ff76e 2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
42229b20ae9a0f49e9924dad505116b3 2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
c444d98f0ffdad126dafc51a58cdc81f 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
6fc6279c15b54e22c23c4a4a1ea055a0 2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
572f0991372826b65a0605694cde1b43 2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
b184642bfb17c160da33c44eaf288deb 2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
a8eb61b1d24bd4390a72de7c2767e78d 2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
c444d98f0ffdad126dafc51a58cdc81f 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
89b4e3e227f6707669f91189294af292 2009.1/i586/libsndfile1-1.0.19-1.1mdv2009.1.i586.rpm
a31e77b54e28effbe5a6b19869112f28 2009.1/i586/libsndfile-devel-1.0.19-1.1mdv2009.1.i586.rpm
df23c2bebe552c1ef9a4516daa5a5bef 2009.1/i586/libsndfile-progs-1.0.19-1.1mdv2009.1.i586.rpm
9bffa66c3ccb14aba57e8161960a6b05 2009.1/i586/libsndfile-static-devel-1.0.19-1.1mdv2009.1.i586.rpm
a55dd246457aea313d82f70332c8f36b 2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
3d4170e84aea8f0c32c59c818c9c7280 2009.1/x86_64/lib64sndfile1-1.0.19-1.1mdv2009.1.x86_64.rpm
17fe0c03e79959feb26e4e4448456af1 2009.1/x86_64/lib64sndfile-devel-1.0.19-1.1mdv2009.1.x86_64.rpm
072e67a45dbb68b23935b3806fa0a602 2009.1/x86_64/lib64sndfile-static-devel-1.0.19-1.1mdv2009.1.x86_64.rpm
956bf413c247969d743327c343b1c14c 2009.1/x86_64/libsndfile-progs-1.0.19-1.1mdv2009.1.x86_64.rpm
a55dd246457aea313d82f70332c8f36b 2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm
Corporate 3.0:
60bdde82db8a5c84f89b04b918f1754b corporate/3.0/i586/libsndfile1-1.0.5-4.1.C30mdk.i586.rpm
d806f60be51bf593ea9e0b3229767d8c corporate/3.0/i586/libsndfile1-devel-1.0.5-4.1.C30mdk.i586.rpm
1d0da98153c7586db0f9b33f2697d1a2 corporate/3.0/i586/libsndfile1-static-devel-1.0.5-4.1.C30mdk.i586.rpm
5eab2abf9a9efd63b3b330c530ba871a corporate/3.0/i586/libsndfile-progs-1.0.5-4.1.C30mdk.i586.rpm
91eef247c8bb071839cab8b2e72da048 corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
ff7314675c98acd10988512d061bc08b corporate/3.0/x86_64/lib64sndfile1-1.0.5-4.1.C30mdk.x86_64.rpm
e4504c8f36f99b89a50a098494c42648 corporate/3.0/x86_64/lib64sndfile1-devel-1.0.5-4.1.C30mdk.x86_64.rpm
647d44fc6c873ee4edd2073a9eb31a27 corporate/3.0/x86_64/lib64sndfile1-static-devel-1.0.5-4.1.C30mdk.x86_64.rpm
883283f7ead7833a682a5b378e597473 corporate/3.0/x86_64/libsndfile-progs-1.0.5-4.1.C30mdk.x86_64.rpm
91eef247c8bb071839cab8b2e72da048 corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm
Corporate 4.0:
e37710f568c24ac630e808824be2bcb7 corporate/4.0/i586/libsndfile1-1.0.11-1.1.20060mlcs4.i586.rpm
6edfa31978c0507fec3e6c7196b8eb90 corporate/4.0/i586/libsndfile1-devel-1.0.11-1.1.20060mlcs4.i586.rpm
164bf5a93311aba0c28881ff1e16aff7 corporate/4.0/i586/libsndfile1-static-devel-1.0.11-1.1.20060mlcs4.i586.rpm
b4d2bca7afe885d18cedfbf984199437 corporate/4.0/i586/libsndfile-progs-1.0.11-1.1.20060mlcs4.i586.rpm
13185887dbb05ae457218dbab126ba61 corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
95da0be2ca10d4aedba59098c7de13f3 corporate/4.0/x86_64/lib64sndfile1-1.0.11-1.1.20060mlcs4.x86_64.rpm
2a9c964b442552efd9759653f0bcbc77 corporate/4.0/x86_64/lib64sndfile1-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm
edbc77703f3170e49c02086931429d80 corporate/4.0/x86_64/lib64sndfile1-static-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm
7fda385d55c1079a8280c9937a98f84e corporate/4.0/x86_64/libsndfile-progs-1.0.11-1.1.20060mlcs4.x86_64.rpm
13185887dbb05ae457218dbab126ba61 corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
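Added example (not part of the Mandriva advisory): for packages fetched by hand rather than through MandrivaUpdate or urpmi, this Python script parses the "Updated Packages" entries and compares each local .rpm against its listed MD5. The function names are this example's own, and the files and digests in the demo are constructed stand-ins.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Entry layout under "Updated Packages": "<32-hex MD5> <path>.rpm"
ENTRY = re.compile(r"^[ \t]*([0-9a-f]{32})[ \t]+(\S+\.rpm)[ \t\r]*$", re.M)

def parse_advisory(text):
    """Map package file name -> expected MD5 from the advisory body."""
    expected = {}
    for digest, path in ENTRY.findall(text):
        name = Path(path).name
        # Each SRPM is listed once per architecture; the digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return expected

def md5_of(path):
    """MD5 of a file, read in 1 MiB chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_dir(text, directory):
    """Status per .rpm in directory: 'ok', 'MISMATCH' or 'not listed'."""
    expected = parse_advisory(text)
    result = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            result[rpm.name] = "not listed"
        else:
            result[rpm.name] = "ok" if md5_of(rpm) == want else "MISMATCH"
    return result

if __name__ == "__main__":
    # Constructed demo: stand-in files, not real packages or advisory digests.
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "libsndfile1-0.0-1.example.i586.rpm")
        bad = Path(d, "libsndfile-progs-0.0-1.example.i586.rpm")
        good.write_bytes(b"constructed package A")
        bad.write_bytes(b"altered package B")
        listed_b = hashlib.md5(b"constructed package B").hexdigest()
        advisory = (f"{md5_of(good)} 2009.1/i586/{good.name}\n"
                    f"{listed_b} 2009.1/i586/{bad.name}\n")
        for name, status in verify_dir(advisory, d).items():
            print(f"{status:10} {name}")
```

A match binds a file to this list only as far as the advisory's own PGP signature has been verified; `rpm --checksig` checks each package's GPG signature independently.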
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKK7xemqjQ0CJFipgRAitZAJ4pmmVZN+8HWX6k/vZJ2oBj9oXzLQCg3Fgz
r6IGgMZMbGyAEPEVyUOZDAo=
=bldV
-----END PGP SIGNATURE-----