Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:132 (libsndfile)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.64183

Kategorie: Mandrake Local Security Checks

Titel: Mandrake Security Advisory MDVSA-2009:132 (libsndfile)

Zusammenfassung: The remote host is missing an update to libsndfile;announced via advisory MDVSA-2009:132.

Beschreibung: Summary:
The remote host is missing an update to libsndfile
announced via advisory MDVSA-2009:132.

Vulnerability Insight:
Multiple vulnerabilities has been found and corrected in libsndfile:

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).

This update provides fixes for these vulnerabilities.

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1788
BugTraq ID: 34978
http://www.securityfocus.com/bid/34978
Debian Security Information: DSA-1814 (Google Search)
http://www.debian.org/security/2009/dsa-1814
http://security.gentoo.org/glsa/glsa-200905-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
http://trapkit.de/advisories/TKADV2009-006.txt
http://secunia.com/advisories/35076
http://secunia.com/advisories/35126
http://secunia.com/advisories/35247
http://secunia.com/advisories/35443
http://www.vupen.com/english/advisories/2009/1324
http://www.vupen.com/english/advisories/2009/1348
XForce ISS Database: libsndfile-aiff-voc-bo(50541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
XForce ISS Database: libsndfile-voc-bo(50827)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50827
Common Vulnerability Exposure (CVE) ID: CVE-2009-1791

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.64183
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:132 (libsndfile)
Zusammenfassung:	The remote host is missing an update to libsndfile;announced via advisory MDVSA-2009:132.
Beschreibung:	Summary: The remote host is missing an update to libsndfile announced via advisory MDVSA-2009:132. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in libsndfile: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value (CVE-2009-1788). Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value (CVE-2009-1791). This update provides fixes for these vulnerabilities. Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1788 BugTraq ID: 34978 http://www.securityfocus.com/bid/34978 Debian Security Information: DSA-1814 (Google Search) http://www.debian.org/security/2009/dsa-1814 http://security.gentoo.org/glsa/glsa-200905-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:132 http://trapkit.de/advisories/TKADV2009-006.txt http://secunia.com/advisories/35076 http://secunia.com/advisories/35126 http://secunia.com/advisories/35247 http://secunia.com/advisories/35443 http://www.vupen.com/english/advisories/2009/1324 http://www.vupen.com/english/advisories/2009/1348 XForce ISS Database: libsndfile-aiff-voc-bo(50541) https://exchange.xforce.ibmcloud.com/vulnerabilities/50541 XForce ISS Database: libsndfile-voc-bo(50827) https://exchange.xforce.ibmcloud.com/vulnerabilities/50827 Common Vulnerability Exposure (CVE) ID: CVE-2009-1791
Copyright	Copyright (C) 2009 E-Soft Inc.