Package name
libsndfile
Date
2009-12-03
Advisory ID
MDVSA-2009:132-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in libsndfile:

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).

This update provides fixes for these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 ea472db88b618bee93d7f3ab1f8ab9b4  2008.0/i586/libsndfile1-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm
 3e7fb05e87d69989223f20c5a9aae811  2008.0/i586/libsndfile-devel-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm
 9bce8a72068db657b5027c88bc256f37  2008.0/i586/libsndfile-progs-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm
 270c48e98c2ce89f2449f0be3d9dbad1  2008.0/i586/libsndfile-static-devel-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm 
 2e269eb125174d1cbb2441a30f484408  2008.0/SRPMS/libsndfile-1.0.18-0.pre20.0.1mdv2008.0.src.rpm

2008.0 x86_64

 9b4bdc3d55214078d297ad89122c567f  2008.0/x86_64/lib64sndfile1-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm
 f251a5402b23fce61b9e90e7db24aa29  2008.0/x86_64/lib64sndfile-devel-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm
 f1a6a61239498b667ed594bddee1e00b  2008.0/x86_64/lib64sndfile-static-devel-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm
 8525f4f8f5bb8455f86cc23abaa40612  2008.0/x86_64/libsndfile-progs-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm 
 2e269eb125174d1cbb2441a30f484408  2008.0/SRPMS/libsndfile-1.0.18-0.pre20.0.1mdv2008.0.src.rpm

References