Package name
snack
Date
2013-04-10
Advisory ID
MDVSA-2013:126
Affected versions
MBS1 x86_64

Problem description

Updated snack packages fix security vulnerability:

Two vulnerabilities have been discovered in Snack Sound Toolkit,
which are caused due to missing boundary checks in the GetWavHeader()
function (generic/jkSoundFile.c) when parsing either format sub-chunks
or unknown sub-chunks. This can be exploited to cause a heap-based
buffer overflow via specially crafted WAV files with overly large
chunk sizes specified (CVE-2012-6303).

Updated packages

MBS1 x86_64

 cc5a34a07194a2d4f226de5b7f336c8c  mbs1/x86_64/python-snack-2.2.10-11.1.mbs1.x86_64.rpm
 6c10508707c1370f2ba84756c912e83b  mbs1/x86_64/tcl-snack-2.2.10-11.1.mbs1.x86_64.rpm 
 834f2117e1251aa60d1aa7d8f95b2cec  mbs1/SRPMS/snack-2.2.10-11.1.mbs1.src.rpm

References