-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:238 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libsamplerate Date : December 4, 2008 Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A buffer overflow was found by Russell O'Conner in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the execution of arbitrary code via a specially crafted audio file (CVE-2008-5008). The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 9a9cc1fbac25741ad38e914c98d90826 2008.0/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm 294117b4e81f6d38553faf47b0d0b561 2008.0/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm 695ab47e44749f3f0a6df321992f6064 2008.0/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm 4068b67bd67786501ddc388824763a19 2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 24a792941fa5fbff89764b724923a616 2008.0/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm c1ac9d056ca38c36658158fec3ee3f31 2008.0/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm dcdffc679e6af71864d8cdb78e335df8 2008.0/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm 4068b67bd67786501ddc388824763a19 2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm Mandriva Linux 2008.1: f44c5b4f55bbe4ad946f46456dce4745 2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm 18a7016e5da1f0f37c3cde4222703f87 2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm 6064159a6a594c006d16c42d29cfd240 2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm 32697b41d7fd390e91b4d4dbeacc0db2 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 6497eadf29decebda33422f431a83d45 2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm 2df7b9d3f1656f728667e68569cfc8af 2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm b9c0276018ac620bbcd68f998b4daeac 2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm 32697b41d7fd390e91b4d4dbeacc0db2 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm Corporate 3.0: 91ef6d6952ac4d845f4ed16b74117d8d corporate/3.0/i586/libsamplerate0-0.0.15-2.1.C30mdk.i586.rpm 7d1aef25a43863e4a7d89fd559312b29 corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.1.C30mdk.i586.rpm e3d9b6a0c2d32d36bd55b3d2b9ff8fa7 corporate/3.0/i586/libsamplerate-progs-0.0.15-2.1.C30mdk.i586.rpm 67cdb6d349097d08925e2c4cb86d1fe6 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm Corporate 3.0/X86_64: 3efec8fbd1ea1fd00f9eea336afd5798 corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.1.C30mdk.x86_64.rpm 5783d23a1019bed054e713b94c5ad989 corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.1.C30mdk.x86_64.rpm f970ddd128def98252bc4090f576f4ec corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.1.C30mdk.x86_64.rpm 67cdb6d349097d08925e2c4cb86d1fe6 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm Corporate 4.0: 0a2d27263f81d8304028bccadb5142af corporate/4.0/i586/libsamplerate0-0.1.2-1.1.20060mlcs4.i586.rpm 7d3dddddbad29db356b97dc77f720c0a corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.1.20060mlcs4.i586.rpm 9b2bc33430ac70a2c24eab9f2afee0c2 corporate/4.0/i586/libsamplerate-progs-0.1.2-1.1.20060mlcs4.i586.rpm 83cdd1d3349f1017c4c92cb6ee0fb636 corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: ffbc6a9d6d3403a52ca5cbe3c4a3495d corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.1.20060mlcs4.x86_64.rpm 991dd38ed664577613f6a55da77eaa29 corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.1.20060mlcs4.x86_64.rpm 92d88adbf9d580a772b702f33cf8d027 corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.1.20060mlcs4.x86_64.rpm 83cdd1d3349f1017c4c92cb6ee0fb636 corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJOFc0mqjQ0CJFipgRAjweAKDVUt2pCqRSgKnXlJI0gJoSgbuXBACeMk6+ SxoIyNyLtbDX6XnTUTazqts= =Kbrk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/