Package name
audacity
Date
2009-02-25
Advisory ID
MDVSA-2009:055
Affected versions
2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

A vulnerability has been identified and corrected in audacity:

Stack-based buffer overflow in the String_parse::get_nonspace_quoted
function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
versions before 1.3.6 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a .gro file
containing a long string (CVE-2009-0490).

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 7cbad35b2e618c6c23dfa65e3921b04b  2009.0/x86_64/audacity-1.3.5-3.1mdv2009.0.x86_64.rpm 
 fe5863c70275c59e6013ad7b1f608aa4  2009.0/SRPMS/audacity-1.3.5-3.1mdv2009.0.src.rpm

2008.0 i586

 25ca1ccf01ee1a356fa5814adf4fd0c4  2008.0/i586/audacity-1.3.3-1.2mdv2008.0.i586.rpm 
 1878d30fc6b986b0f0c77148682305e7  2008.0/SRPMS/audacity-1.3.3-1.2mdv2008.0.src.rpm

2009.0 i586

 9afc58755559aedddc72d06942d419d7  2009.0/i586/audacity-1.3.5-3.1mdv2009.0.i586.rpm 
 fe5863c70275c59e6013ad7b1f608aa4  2009.0/SRPMS/audacity-1.3.5-3.1mdv2009.0.src.rpm

CS3.0 x86_64

 ec8b562cc728084b80262275ecd585df  corporate/3.0/x86_64/audacity-1.2.0-1.2.C30mdk.x86_64.rpm 
 39069c92f797b62d042c2e66af1eeaa0  corporate/3.0/SRPMS/audacity-1.2.0-1.2.C30mdk.src.rpm

2008.0 x86_64

 daaad469ca8e0677806252e565d87982  2008.0/x86_64/audacity-1.3.3-1.2mdv2008.0.x86_64.rpm 
 1878d30fc6b986b0f0c77148682305e7  2008.0/SRPMS/audacity-1.3.3-1.2mdv2008.0.src.rpm

CS3.0 i586

 96055ded4f5c3648e6253e2297ffa3e3  corporate/3.0/i586/audacity-1.2.0-1.2.C30mdk.i586.rpm 
 39069c92f797b62d042c2e66af1eeaa0  corporate/3.0/SRPMS/audacity-1.2.0-1.2.C30mdk.src.rpm

2008.1 x86_64

 064672f5045674f7d32a45ca6b5cd842  2008.1/x86_64/audacity-1.3.4-7.2mdv2008.1.x86_64.rpm 
 2723bdc516e43dd2ec79ec4771445dfe  2008.1/SRPMS/audacity-1.3.4-7.2mdv2008.1.src.rpm

2008.1 i586

 65f0721d62a17e29551c64e8f40b7856  2008.1/i586/audacity-1.3.4-7.2mdv2008.1.i586.rpm 
 2723bdc516e43dd2ec79ec4771445dfe  2008.1/SRPMS/audacity-1.3.4-7.2mdv2008.1.src.rpm

References