Test ID: 1.3.6.1.4.1.25623.1.0.66438
Category: Fedora Local Security Checks
Title: Fedora Core 10 FEDORA-2009-11499 (libsndfile)
Summary: Fedora Core 10 FEDORA-2009-11499 (libsndfile)
Description: The remote host is missing an update to libsndfile
announced via advisory FEDORA-2009-11499.

Update Information:

Version 1.0.20 (2009-03-14)
* Fix potential heap overflow in VOC file parser
(Tobias Klein, http://www.trapkit.de/).
Version 1.0.19 (2009-03-02)
* Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research).
* Huge number of minor bug fixes as a result of static analysis.
Version 1.0.18 (2009-02-07)
* Add Ogg/Vorbis support (thanks to John ffitch).
* Remove captive FLAC library.
* Many new features and bug fixes.

ChangeLog:

* Sat Nov 14 2009 Orcan Ogetbil - 1.0.20-3
- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel)
- Make build verbose
- Remove rpath
- Fix ChangeLog encoding
- Move the big Changelog to the devel package

References:

[ 1 ] Bug #488361 - CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code
https://bugzilla.redhat.com/show_bug.cgi?id=488361
[ 2 ] Bug #502657 - CVE-2009-1788 libsndfile VOC file heap based buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=502657
[ 3 ] Bug #502658 - CVE-2009-1791 libsndfile AIFF file heap based buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=502658

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update libsndfile' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11499
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0186
Bugtraq: 20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/501399/100/0/threaded
Bugtraq: 20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/501413/100/0/threaded
http://secunia.com/secunia_research/2009-7/
http://secunia.com/secunia_research/2009-8/
Debian Security Information: DSA-1742
http://www.debian.org/security/2009/dsa-1742
http://security.gentoo.org/glsa/glsa-200904-16.xml
SuSE Security Announcement: SUSE-SR:2009:008
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://www.ubuntu.com/usn/USN-749-1
BugTraq ID: 33963
http://www.securityfocus.com/bid/33963
http://www.securitytracker.com/id?1021784
http://secunia.com/advisories/33980
http://secunia.com/advisories/33981
http://secunia.com/advisories/34316
http://secunia.com/advisories/34526
http://secunia.com/advisories/34642
http://secunia.com/advisories/34791
http://www.vupen.com/english/advisories/2009/0584
http://www.vupen.com/english/advisories/2009/0585
XForce ISS Database: libsndfile-caf-bo(49038)
http://xforce.iss.net/xforce/xfdb/49038
Common Vulnerability Exposure (CVE) ID: CVE-2009-1788
http://trapkit.de/advisories/TKADV2009-006.txt
Debian Security Information: DSA-1814
http://www.debian.org/security/2009/dsa-1814
http://security.gentoo.org/glsa/glsa-200905-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
BugTraq ID: 34978
http://www.securityfocus.com/bid/34978
http://secunia.com/advisories/35076
http://secunia.com/advisories/35126
http://secunia.com/advisories/35247
http://secunia.com/advisories/35443
http://www.vupen.com/english/advisories/2009/1324
http://www.vupen.com/english/advisories/2009/1348
XForce ISS Database: libsndfile-aiff-voc-bo(50541)
http://xforce.iss.net/xforce/xfdb/50541
XForce ISS Database: libsndfile-voc-bo(50827)
http://xforce.iss.net/xforce/xfdb/50827
Common Vulnerability Exposure (CVE) ID: CVE-2009-1791
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
