-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:150
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : August 14, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in libsndfile:

 The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init,
 (5) float32_init, and (6) sds_read_header functions in libsndfile
 1.0.20 allow context-dependent attackers to cause a denial of service
 (divide-by-zero error and application crash) via a crafted audio file
 (CVE-2009-4835).

 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 The updated packages have been patched to correct this issue.
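 The divide-by-zero class described above, shown as an added example that is not part of the advisory and is not libsndfile code. It assumes the divisor is a block width computed from header fields (channel count times bytes per sample); the 16-byte header layout, the limits and all names are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 16-byte big-endian header layout, constructed for this example:
 * channels (4 bytes) | bytes per sample (4 bytes) | data length (8 bytes). */
#define HDR_SIZE 16
#define MAX_CHANNELS 1024u   /* assumed sanity limits, not libsndfile's */
#define MAX_BYTEWIDTH 8u

static uint64_t be(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | *p++;
    return v;
}

/* Unchecked form, for contrast: blockwidth can be 0 when a field is 0 or when
 * the 32-bit product wraps (0x10000 * 0x10000), and the division then traps. */
uint64_t frames_unchecked(const uint8_t *hdr) {
    uint32_t blockwidth = (uint32_t)be(hdr, 4) * (uint32_t)be(hdr + 4, 4);
    return be(hdr + 8, 8) / blockwidth;
}

/* Checked form: returns 0 and stores the frame count, or -1 to reject. */
int frames_checked(const uint8_t *hdr, size_t len, uint64_t *frames) {
    if (len < HDR_SIZE) return -1;
    uint32_t channels = (uint32_t)be(hdr, 4);
    uint32_t bytewidth = (uint32_t)be(hdr + 4, 4);
    if (channels == 0 || channels > MAX_CHANNELS) return -1;
    if (bytewidth == 0 || bytewidth > MAX_BYTEWIDTH) return -1;
    uint64_t blockwidth = (uint64_t)channels * bytewidth; /* 1..8192, cannot wrap */
    *frames = be(hdr + 8, 8) / blockwidth;
    return 0;
}

/* Constructed sample headers: valid, zero channels, product wraps to zero. */
const uint8_t HDR_GOOD[HDR_SIZE]    = {0,0,0,2, 0,0,0,2, 0,0,0,0,0,0,0x10,0};
const uint8_t HDR_ZERO_CH[HDR_SIZE] = {0,0,0,0, 0,0,0,2, 0,0,0,0,0,0,0x10,0};
const uint8_t HDR_WRAP[HDR_SIZE]    = {0,1,0,0, 0,1,0,0, 0,0,0,0,0,0,0x10,0};

int main(void) {
    const uint8_t *cases[] = {HDR_GOOD, HDR_ZERO_CH, HDR_WRAP};
    for (int i = 0; i < 3; i++) {
        uint64_t frames = 0;
        int rc = frames_checked(cases[i], HDR_SIZE, &frames);
        printf("case %d: rc=%d frames=%llu\n", i, rc, (unsigned long long)frames);
    }
    return 0;
}
```

 A zero test on the individual fields alone would miss the wrapped-product case, which is why the checked form bounds each field before multiplying in a wider type.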
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4835
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMZp/6mqjQ0CJFipgRAjnSAKCHTDHadN251FTgvIRl3M1oKhwr9QCgmvG2
gM2hiAd4TnytIP50VIUzIvc=
=f6dB
-----END PGP SIGNATURE-----