exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-119

Mandriva Linux Security Advisory 2011-119
Posted Jul 25, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-119 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-2696
SHA-256 | f4d92c8716e0f50d58737fbae451fe31de12be5ea09eaecb84a3ce88e907f530

Mandriva Linux Security Advisory 2011-119

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:119
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libsndfile
Date : July 25, 2011
Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in libsndfile:

An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way the libsndfile library processed certain
Ensoniq PARIS Audio Format (PAF) audio files. An attacker could
create a specially-crafted PAF file that, when opened, could cause
an application using libsndfile to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2011-2696).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2696
http://secunia.com/advisories/45125/
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
9383f6bd15e67d66d3319481274f242c 2009.0/i586/libsndfile1-1.0.18-2.pre22.1.4mdv2009.0.i586.rpm
683841acd0bd1f397a97f7f915922c53 2009.0/i586/libsndfile-devel-1.0.18-2.pre22.1.4mdv2009.0.i586.rpm
5e13dd7bad7f21406bea942ef09e5747 2009.0/i586/libsndfile-progs-1.0.18-2.pre22.1.4mdv2009.0.i586.rpm
35e9a17c4d60f91d26280b7777e4c083 2009.0/i586/libsndfile-static-devel-1.0.18-2.pre22.1.4mdv2009.0.i586.rpm
9ff14b6a740e38689cf287a8e16a4dae 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.4mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
cf2a832f9bfd9859d93195793a5aad10 2009.0/x86_64/lib64sndfile1-1.0.18-2.pre22.1.4mdv2009.0.x86_64.rpm
8aedf342e07affdad07c15644795713b 2009.0/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.4mdv2009.0.x86_64.rpm
a6e1626f7392b9749578eff6e84a274b 2009.0/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.4mdv2009.0.x86_64.rpm
f68bcf560ba264813eebb8f0ff782baa 2009.0/x86_64/libsndfile-progs-1.0.18-2.pre22.1.4mdv2009.0.x86_64.rpm
9ff14b6a740e38689cf287a8e16a4dae 2009.0/SRPMS/libsndfile-1.0.18-2.pre22.1.4mdv2009.0.src.rpm

Mandriva Linux 2010.1:
fb657db5943e2dc482f5cfd263066d5e 2010.1/i586/libsndfile1-1.0.21-2.1mdv2010.2.i586.rpm
1c09960b6a09abb942892e52a3ab29af 2010.1/i586/libsndfile-devel-1.0.21-2.1mdv2010.2.i586.rpm
f3f41c43d977c6002fce9412ce9cf830 2010.1/i586/libsndfile-progs-1.0.21-2.1mdv2010.2.i586.rpm
e4fe76880b0a4deabc797a7871806baf 2010.1/i586/libsndfile-static-devel-1.0.21-2.1mdv2010.2.i586.rpm
0ead7914eda8fa83bfa99e3e05be29ce 2010.1/SRPMS/libsndfile-1.0.21-2.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
05dc31ed72e63ac04fc5d69067369c93 2010.1/x86_64/lib64sndfile1-1.0.21-2.1mdv2010.2.x86_64.rpm
1dc1ce52163ea91aa5b2ad3635217635 2010.1/x86_64/lib64sndfile-devel-1.0.21-2.1mdv2010.2.x86_64.rpm
770ce057d9c276f15a10715782355fff 2010.1/x86_64/lib64sndfile-static-devel-1.0.21-2.1mdv2010.2.x86_64.rpm
bb1039622949ecc92974f9b1ca9a275b 2010.1/x86_64/libsndfile-progs-1.0.21-2.1mdv2010.2.x86_64.rpm
0ead7914eda8fa83bfa99e3e05be29ce 2010.1/SRPMS/libsndfile-1.0.21-2.1mdv2010.2.src.rpm

Corporate 4.0:
0878ddfb767aaaccbac23948f78ddea1 corporate/4.0/i586/libsndfile1-1.0.11-1.3.20060mlcs4.i586.rpm
dcf983bfa07ca4f6d4391f80cb645f5e corporate/4.0/i586/libsndfile1-devel-1.0.11-1.3.20060mlcs4.i586.rpm
4f99c74a97354beed0443ea11dd1629a corporate/4.0/i586/libsndfile1-static-devel-1.0.11-1.3.20060mlcs4.i586.rpm
34fa74c7ea214834e9d0575db01a8f40 corporate/4.0/i586/libsndfile-progs-1.0.11-1.3.20060mlcs4.i586.rpm
fa0424c0e169e1614666d7736756b031 corporate/4.0/SRPMS/libsndfile-1.0.11-1.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
087a22aa5bc3c5b4ea42d3ee53d047b2 corporate/4.0/x86_64/lib64sndfile1-1.0.11-1.3.20060mlcs4.x86_64.rpm
4bb229456d4f0c791a7528c9cb49bbb7 corporate/4.0/x86_64/lib64sndfile1-devel-1.0.11-1.3.20060mlcs4.x86_64.rpm
8871bdf19b7a8a3ab8a7fd567b6e5770 corporate/4.0/x86_64/lib64sndfile1-static-devel-1.0.11-1.3.20060mlcs4.x86_64.rpm
d203a707cbaba0d40735dfee35f45337 corporate/4.0/x86_64/libsndfile-progs-1.0.11-1.3.20060mlcs4.x86_64.rpm
fa0424c0e169e1614666d7736756b031 corporate/4.0/SRPMS/libsndfile-1.0.11-1.3.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
dffc2b02d4a2170064283ab09d22425d mes5/i586/libsndfile1-1.0.18-2.pre22.1.4mdvmes5.2.i586.rpm
a1637a2915f1a3d2f0152f008cecfc70 mes5/i586/libsndfile-devel-1.0.18-2.pre22.1.4mdvmes5.2.i586.rpm
b85d2b9dc8b497da15696f559c14c1c5 mes5/i586/libsndfile-progs-1.0.18-2.pre22.1.4mdvmes5.2.i586.rpm
b5f58e41a413fd79fe280c59ea35cc3b mes5/i586/libsndfile-static-devel-1.0.18-2.pre22.1.4mdvmes5.2.i586.rpm
ea4edf4a49507b9d52b38ade640afebf mes5/SRPMS/libsndfile-1.0.18-2.pre22.1.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
b41d97a1fffb62568532d19479967616 mes5/x86_64/lib64sndfile1-1.0.18-2.pre22.1.4mdvmes5.2.x86_64.rpm
336081aa960401cbc63cee0cc9b979c4 mes5/x86_64/lib64sndfile-devel-1.0.18-2.pre22.1.4mdvmes5.2.x86_64.rpm
5286d2f3580b3e01c554da2fe727a3ee mes5/x86_64/lib64sndfile-static-devel-1.0.18-2.pre22.1.4mdvmes5.2.x86_64.rpm
089e4c44779b913bca93b4b3c35ea2ab mes5/x86_64/libsndfile-progs-1.0.18-2.pre22.1.4mdvmes5.2.x86_64.rpm
ea4edf4a49507b9d52b38ade640afebf mes5/SRPMS/libsndfile-1.0.18-2.pre22.1.4mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFOLU+wmqjQ0CJFipgRApqdAKDP+TE3JfCP9LgI5wmZJl+eRMaBOwCgoGF6
aIqvPfLcHXFxS1PD1/x8Zxs=
=nMEX
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close