 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50341 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 1 FEDORA-2004-235 (sox) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to sox announced via advisory FEDORA-2004-235. SoX (Sound eXchange) is a sound file format converter SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Update Information: Updated sox packages that fix buffer overflows in the WAV file handling code are now available. Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted. * Fri Jul 23 2004 Bill Nottingham - add patch for buffer overflow in wav code (CVE-2004-0557, #128158) * Fri Jul 09 2004 Bill Nottingham - add patch for 64-bit problem (#127502) * Tue Jun 15 2004 Elliot Lee - rebuilt * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 13 2004 Elliot Lee - rebuilt This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ d2b828b280d1d58e8431c0a08c8fc5b4 SRPMS/sox-12.17.4-4.fc1.src.rpm ce5294466ad88adf14692995782f54c4 x86_64/sox-12.17.4-4.fc1.x86_64.rpm b30b20e893870aa24e28ddb4eacdb63d x86_64/sox-devel-12.17.4-4.fc1.x86_64.rpm 76ddef2db37bae4ffb61c7da2f7d3c48 x86_64/debug/sox-debuginfo-12.17.4-4.fc1.x86_64.rpm eaf9632817dc3655c8df5b36560828a5 i386/sox-12.17.4-4.fc1.i386.rpm 0c999a2a2536ca9bd8ad029787ffa842 i386/sox-devel-12.17.4-4.fc1.i386.rpm 330681c8062dc91f293c501dc513bc08 i386/debug/sox-debuginfo-12.17.4-4.fc1.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-235.shtml Risk factor : Critical CVSS Score: 10.0 |
| Cross-Ref: |
BugTraq ID: 10819 Common Vulnerability Exposure (CVE) ID: CVE-2004-0557 http://www.securityfocus.com/bid/10819 Conectiva Linux advisory: CLA-2004:855 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000855 Debian Security Information: DSA-565 (Google Search) http://www.debian.org/security/2004/dsa-565 http://lwn.net/Articles/95529/ http://lwn.net/Articles/95530/ https://bugzilla.fedora.us/show_bug.cgi?id=1945 http://seclists.org/fulldisclosure/2004/Jul/1227.html http://www.gentoo.org/security/en/glsa/glsa-200407-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9801 http://www.redhat.com/support/errata/RHSA-2004-409.html http://secunia.com/advisories/12175 http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0014.html XForce ISS Database: sox-wav-bo(16827) https://exchange.xforce.ibmcloud.com/vulnerabilities/16827 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |