MDVSA-2009:132
- Package name
- libsndfile
- Date
- 2009-06-07
- Advisory ID
- MDVSA-2009:132
- Affected versions
- 2009.0 x86_64 , CS4.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in libsndfile:
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).
This update provides fixes for these vulnerabilities.
Updated packages
2009.0 x86_64
6fc6279c15b54e22c23c4a4a1ea055a0 2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm 572f0991372826b65a0605694cde1b43 2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm b184642bfb17c160da33c44eaf288deb 2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm a8eb61b1d24bd4390a72de7c2767e78d 2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.x86_64.rpm c444d98f0ffdad126dafc51a58cdc81f 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm
CS4.0 x86_64
95da0be2ca10d4aedba59098c7de13f3 corporate/4.0/x86_64/lib64sndfile1-1.0.11-1.1.20060mlcs4.x86_64.rpm 2a9c964b442552efd9759653f0bcbc77 corporate/4.0/x86_64/lib64sndfile1-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm edbc77703f3170e49c02086931429d80 corporate/4.0/x86_64/lib64sndfile1-static-devel-1.0.11-1.1.20060mlcs4.x86_64.rpm 7fda385d55c1079a8280c9937a98f84e corporate/4.0/x86_64/libsndfile-progs-1.0.11-1.1.20060mlcs4.x86_64.rpm 13185887dbb05ae457218dbab126ba61 corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm
2009.1 i586
89b4e3e227f6707669f91189294af292 2009.1/i586/libsndfile1-1.0.19-1.1mdv2009.1.i586.rpm a31e77b54e28effbe5a6b19869112f28 2009.1/i586/libsndfile-devel-1.0.19-1.1mdv2009.1.i586.rpm df23c2bebe552c1ef9a4516daa5a5bef 2009.1/i586/libsndfile-progs-1.0.19-1.1mdv2009.1.i586.rpm 9bffa66c3ccb14aba57e8161960a6b05 2009.1/i586/libsndfile-static-devel-1.0.19-1.1mdv2009.1.i586.rpm a55dd246457aea313d82f70332c8f36b 2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm
2009.0 i586
3a2368ee951b221c5d69c2c6b7d6a48c 2009.0/i586/libsndfile1-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm 0f12874d6a5fde2f1af5c1df0d6a1c16 2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm 98213ebaed97f0a2e6d49e79fe5ff76e 2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm 42229b20ae9a0f49e9924dad505116b3 2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.2mdv2009.0.i586.rpm c444d98f0ffdad126dafc51a58cdc81f 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.2mdv2009.0.src.rpm
2008.1 i586
701da939ef75bb44c6a88091991405f9 2008.1/i586/libsndfile1-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm ece4f97fbe7d228e6a68ec2fcfc962a7 2008.1/i586/libsndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm e53e91c170e4e7533939e991bd7e6986 2008.1/i586/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm 99d764b015825c5773e522e244deeecc 2008.1/i586/libsndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.i586.rpm 516da728e6ec820abe69840d20e81132 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm
CS3.0 x86_64
ff7314675c98acd10988512d061bc08b corporate/3.0/x86_64/lib64sndfile1-1.0.5-4.1.C30mdk.x86_64.rpm e4504c8f36f99b89a50a098494c42648 corporate/3.0/x86_64/lib64sndfile1-devel-1.0.5-4.1.C30mdk.x86_64.rpm 647d44fc6c873ee4edd2073a9eb31a27 corporate/3.0/x86_64/lib64sndfile1-static-devel-1.0.5-4.1.C30mdk.x86_64.rpm 883283f7ead7833a682a5b378e597473 corporate/3.0/x86_64/libsndfile-progs-1.0.5-4.1.C30mdk.x86_64.rpm 91eef247c8bb071839cab8b2e72da048 corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm
CS4.0 i586
e37710f568c24ac630e808824be2bcb7 corporate/4.0/i586/libsndfile1-1.0.11-1.1.20060mlcs4.i586.rpm 6edfa31978c0507fec3e6c7196b8eb90 corporate/4.0/i586/libsndfile1-devel-1.0.11-1.1.20060mlcs4.i586.rpm 164bf5a93311aba0c28881ff1e16aff7 corporate/4.0/i586/libsndfile1-static-devel-1.0.11-1.1.20060mlcs4.i586.rpm b4d2bca7afe885d18cedfbf984199437 corporate/4.0/i586/libsndfile-progs-1.0.11-1.1.20060mlcs4.i586.rpm 13185887dbb05ae457218dbab126ba61 corporate/4.0/SRPMS/libsndfile-1.0.11-1.1.20060mlcs4.src.rpm
CS3.0 i586
60bdde82db8a5c84f89b04b918f1754b corporate/3.0/i586/libsndfile1-1.0.5-4.1.C30mdk.i586.rpm d806f60be51bf593ea9e0b3229767d8c corporate/3.0/i586/libsndfile1-devel-1.0.5-4.1.C30mdk.i586.rpm 1d0da98153c7586db0f9b33f2697d1a2 corporate/3.0/i586/libsndfile1-static-devel-1.0.5-4.1.C30mdk.i586.rpm 5eab2abf9a9efd63b3b330c530ba871a corporate/3.0/i586/libsndfile-progs-1.0.5-4.1.C30mdk.i586.rpm 91eef247c8bb071839cab8b2e72da048 corporate/3.0/SRPMS/libsndfile-1.0.5-4.1.C30mdk.src.rpm
2008.1 x86_64
6442e6ffb57e298b00ec31bcedb942c6 2008.1/x86_64/lib64sndfile1-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm 333380f9a0efa811dc8596bacf924454 2008.1/x86_64/lib64sndfile-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm 0124fa53ba30401ea0c3226efe64f6c0 2008.1/x86_64/lib64sndfile-static-devel-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm 0ff17e4b621107b779c6e1bc13d22d1a 2008.1/x86_64/libsndfile-progs-1.0.18-1.pre20.1.2mdv2008.1.x86_64.rpm 516da728e6ec820abe69840d20e81132 2008.1/SRPMS/libsndfile-1.0.18-1.pre20.1.2mdv2008.1.src.rpm
2009.1 x86_64
3d4170e84aea8f0c32c59c818c9c7280 2009.1/x86_64/lib64sndfile1-1.0.19-1.1mdv2009.1.x86_64.rpm 17fe0c03e79959feb26e4e4448456af1 2009.1/x86_64/lib64sndfile-devel-1.0.19-1.1mdv2009.1.x86_64.rpm 072e67a45dbb68b23935b3806fa0a602 2009.1/x86_64/lib64sndfile-static-devel-1.0.19-1.1mdv2009.1.x86_64.rpm 956bf413c247969d743327c343b1c14c 2009.1/x86_64/libsndfile-progs-1.0.19-1.1mdv2009.1.x86_64.rpm a55dd246457aea313d82f70332c8f36b 2009.1/SRPMS/libsndfile-1.0.19-1.1mdv2009.1.src.rpm