Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:132-1 (libsndfile)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66372

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2009:132-1 (libsndfile)

Resumen: The remote host is missing an update to libsndfile;announced via advisory MDVSA-2009:132-1.

Descripción: Summary:
The remote host is missing an update to libsndfile
announced via advisory MDVSA-2009:132-1.

Vulnerability Insight:
Multiple vulnerabilities has been found and corrected in libsndfile:

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a VOC
file with an invalid header value (CVE-2009-1788).

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15
through 1.0.19, as used in Winamp 5.552 and possibly other media
programs, allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via an AIFF
file with an invalid header value (CVE-2009-1791).

This update provides fixes for these vulnerabilities.

Update:

Packages for 2008.0 are being provided due to extended support for
Corporate products.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1788
BugTraq ID: 34978
http://www.securityfocus.com/bid/34978
Debian Security Information: DSA-1814 (Google Search)
http://www.debian.org/security/2009/dsa-1814
http://security.gentoo.org/glsa/glsa-200905-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
http://trapkit.de/advisories/TKADV2009-006.txt
http://secunia.com/advisories/35076
http://secunia.com/advisories/35126
http://secunia.com/advisories/35247
http://secunia.com/advisories/35443
http://www.vupen.com/english/advisories/2009/1324
http://www.vupen.com/english/advisories/2009/1348
XForce ISS Database: libsndfile-aiff-voc-bo(50541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
XForce ISS Database: libsndfile-voc-bo(50827)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50827
Common Vulnerability Exposure (CVE) ID: CVE-2009-1791

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66372
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:132-1 (libsndfile)
Resumen:	The remote host is missing an update to libsndfile;announced via advisory MDVSA-2009:132-1.
Descripción:	Summary: The remote host is missing an update to libsndfile announced via advisory MDVSA-2009:132-1. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in libsndfile: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value (CVE-2009-1788). Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value (CVE-2009-1791). This update provides fixes for these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1788 BugTraq ID: 34978 http://www.securityfocus.com/bid/34978 Debian Security Information: DSA-1814 (Google Search) http://www.debian.org/security/2009/dsa-1814 http://security.gentoo.org/glsa/glsa-200905-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:132 http://trapkit.de/advisories/TKADV2009-006.txt http://secunia.com/advisories/35076 http://secunia.com/advisories/35126 http://secunia.com/advisories/35247 http://secunia.com/advisories/35443 http://www.vupen.com/english/advisories/2009/1324 http://www.vupen.com/english/advisories/2009/1348 XForce ISS Database: libsndfile-aiff-voc-bo(50541) https://exchange.xforce.ibmcloud.com/vulnerabilities/50541 XForce ISS Database: libsndfile-voc-bo(50827) https://exchange.xforce.ibmcloud.com/vulnerabilities/50827 Common Vulnerability Exposure (CVE) ID: CVE-2009-1791
Copyright	Copyright (C) 2009 E-Soft Inc.