
Mandriva Linux Security Advisory 2009-132

Posted Jun 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-132 - Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value. Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. This update provides fixes for these vulnerabilities.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1788, CVE-2009-1791
SHA-256 | 6f4d2d54d09470814756d8bc4bec180c39d9b916098bb46c18bd7d6659f79f1e


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:132
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libsndfile
Date : June 7, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in libsndfile:

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).

This update provides fixes for these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
701da939ef75bb44c6a88091991405f9 2008.1/i586/libsndfile1-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
ece4f97fbe7d228e6a68ec2fcfc962a7 2008.1/i586/libsndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
e53e91c170e4e7533939e991bd7e6986 2008.1/i586/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
99d764b015825c5773e522e244deeecc 2008.1/i586/libsndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm
516da728e6ec820abe69840d20e81132 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
6442e6ffb57e298b00ec31bcedb942c6 2008.1/x86_64/lib64sndfile1-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
333380f9a0efa811dc8596bacf924454 2008.1/x86_64/lib64sndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
0124fa53ba30401ea0c3226efe64f6c0 2008.1/x86_64/lib64sndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
0ff17e4b621107b779c6e1bc13d22d1a 2008.1/x86_64/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm
516da728e6ec820abe69840d20e81132 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
3a2368ee951b221c5d69c2c6b7d6a48c 2009.0/i586/libsndfile1-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
0f12874d6a5fde2f1af5c1df0d6a1c16 2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
98213ebaed97f0a2e6d49e79fe5ff76e 2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
42229b20ae9a0f49e9924dad505116b3 2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm
c444d98f0ffdad126dafc51a58cdc81f 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
6fc6279c15b54e22c23c4a4a1ea055a0 2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
572f0991372826b65a0605694cde1b43 2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
b184642bfb17c160da33c44eaf288deb 2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
a8eb61b1d24bd4390a72de7c2767e78d 2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm
c444d98f0ffdad126dafc51a58cdc81f 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm

Mandriva Linux 2009.1:
89b4e3e227f6707669f91189294af292 2009.1/i586/libsndfile1-1.0.19-1.1mdv2009.1.i586.rpm
a31e77b54e28effbe5a6b19869112f28 2009.1/i586/libsndfile-devel-1.0.19-1.1mdv2009.1.i586.rpm
df23c2bebe552c1ef9a4516daa5a5bef 2009.1/i586/libsndfile-progs-1.0.19-1.1mdv2009.1.i586.rpm
9bffa66c3ccb14aba57e8161960a6b05 2009.1/i586/libsndfile-static-devel-1.0.19-1.1mdv2009.1.i586.rpm
a55dd246457aea313d82f70332c8f36b 2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
3d4170e84aea8f0c32c59c818c9c7280 2009.1/x86_64/lib64sndfile1-1.0.19-1.1mdv2009.1.x86_64.rpm
17fe0c03e79959feb26e4e4448456af1 2009.1/x86_64/lib64sndfile-devel-1.0.19-1.1mdv2009.1.x86_64.rpm
072e67a45dbb68b23935b3806fa0a602 2009.1/x86_64/lib64sndfile-static-devel-1.0.19-1.1mdv2009.1.x86_64.rpm
956bf413c247969d743327c343b1c14c 2009.1/x86_64/libsndfile-progs-1.0.19-1.1mdv2009.1.x86_64.rpm
a55dd246457aea313d82f70332c8f36b 2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm

Corporate 3.0:
60bdde82db8a5c84f89b04b918f1754b corporate/3.0/i586/libsndfile1-1.0.5-4.1.C30mdk.i586.rpm
d806f60be51bf593ea9e0b3229767d8c corporate/3.0/i586/libsndfile1-devel-1.0.5-4.1.C30mdk.i586.rpm
1d0da98153c7586db0f9b33f2697d1a2 corporate/3.0/i586/libsndfile1-static-devel-1.0.5-4.1.C30mdk.i586.rpm
5eab2abf9a9efd63b3b330c530ba871a corporate/3.0/i586/libsndfile-progs-1.0.5-4.1.C30mdk.i586.rpm
91eef247c8bb071839cab8b2e72da048 corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
ff7314675c98acd10988512d061bc08b corporate/3.0/x86_64/lib64sndfile1-1.0.5-4.1.C30mdk.x86_64.rpm
e4504c8f36f99b89a50a098494c42648 corporate/3.0/x86_64/lib64sndfile1-devel-1.0.5-4.1.C30mdk.x86_64.rpm
647d44fc6c873ee4edd2073a9eb31a27 corporate/3.0/x86_64/lib64sndfile1-static-devel-1.0.5-4.1.C30mdk.x86_64.rpm
883283f7ead7833a682a5b378e597473 corporate/3.0/x86_64/libsndfile-progs-1.0.5-4.1.C30mdk.x86_64.rpm
91eef247c8bb071839cab8b2e72da048 corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm

Corporate 4.0:
e37710f568c24ac630e808824be2bcb7 corporate/4.0/i586/libsndfile1-1.0.11-1.1.20060mlcs4.i586.rpm
6edfa31978c0507fec3e6c7196b8eb90 corporate/4.0/i586/libsndfile1-devel-1.0.11-1.1.20060mlcs4.i586.rpm
164bf5a93311aba0c28881ff1e16aff7 corporate/4.0/i586/libsndfile1-static-devel-1.0.11-1.1.20060mlcs4.i586.rpm
b4d2bca7afe885d18cedfbf984199437 corporate/4.0/i586/libsndfile-progs-1.0.11-1.1.20060mlcs4.i586.rpm
13185887dbb05ae457218dbab126ba61 corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
95da0be2ca10d4aedba59098c7de13f3 corporate/4.0/x86_64/lib64sndfile1-1.0.11-1.1.20060mlcs4.x86_64.rpm
2a9c964b442552efd9759653f0bcbc77 corporate/4.0/x86_64/lib64sndfile1-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm
edbc77703f3170e49c02086931429d80 corporate/4.0/x86_64/lib64sndfile1-static-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm
7fda385d55c1079a8280c9937a98f84e corporate/4.0/x86_64/libsndfile-progs-1.0.11-1.1.20060mlcs4.x86_64.rpm
13185887dbb05ae457218dbab126ba61 corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKK7xemqjQ0CJFipgRAitZAJ4pmmVZN+8HWX6k/vZJ2oBj9oXzLQCg3Fgz
r6IGgMZMbGyAEPEVyUOZDAo=
=bldV
-----END PGP SIGNATURE-----