-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:132
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libsndfile
Date    : June 7, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in libsndfile:

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).

This update provides fixes for these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKK7xemqjQ0CJFipgRAitZAJ4pmmVZN+8HWX6k/vZJ2oBj9oXzLQCg3Fgz
r6IGgMZMbGyAEPEVyUOZDAo=
=bldV
-----END PGP SIGNATURE-----