LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Subject: [Security Announce] [ MDVSA-2008:238 ] libsamplerate Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A buffer overflow was found by Russell O'Conner in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the execution of arbitrary code via a specially crafted audio file (CVE-2008-5008).
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:238
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsamplerate
 Date    : December 4, 2008
 Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A buffer overflow was found by Russell O'Conner in the libsamplerate
 library versions prior to 0.1.4 that could possibly lead to the
 execution of arbitrary code via a specially crafted audio file
 (CVE-2008-5008).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 9a9cc1fbac25741ad38e914c98d90826  2008.0/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
 294117b4e81f6d38553faf47b0d0b561  2008.0/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
 695ab47e44749f3f0a6df321992f6064  2008.0/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm 
 4068b67bd67786501ddc388824763a19  2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 24a792941fa5fbff89764b724923a616  2008.0/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
 c1ac9d056ca38c36658158fec3ee3f31  2008.0/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
 dcdffc679e6af71864d8cdb78e335df8  2008.0/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm 
 4068b67bd67786501ddc388824763a19  2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 f44c5b4f55bbe4ad946f46456dce4745  2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
 18a7016e5da1f0f37c3cde4222703f87  2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
 6064159a6a594c006d16c42d29cfd240  2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm 
 32697b41d7fd390e91b4d4dbeacc0db2  2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 6497eadf29decebda33422f431a83d45  2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
 2df7b9d3f1656f728667e68569cfc8af  2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
 b9c0276018ac620bbcd68f998b4daeac  2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm 
 32697b41d7fd390e91b4d4dbeacc0db2  2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm

 Corporate 3.0:
 91ef6d6952ac4d845f4ed16b74117d8d  corporate/3.0/i586/libsamplerate0-0.0.15-2.1.C30mdk.i586.rpm
 7d1aef25a43863e4a7d89fd559312b29  corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.1.C30mdk.i586.rpm
 e3d9b6a0c2d32d36bd55b3d2b9ff8fa7  corporate/3.0/i586/libsamplerate-progs-0.0.15-2.1.C30mdk.i586.rpm 
 67cdb6d349097d08925e2c4cb86d1fe6  corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3efec8fbd1ea1fd00f9eea336afd5798  corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.1.C30mdk.x86_64.rpm
 5783d23a1019bed054e713b94c5ad989  corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.1.C30mdk.x86_64.rpm
 f970ddd128def98252bc4090f576f4ec  corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.1.C30mdk.x86_64.rpm 
 67cdb6d349097d08925e2c4cb86d1fe6  corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm

 Corporate 4.0:
 0a2d27263f81d8304028bccadb5142af  corporate/4.0/i586/libsamplerate0-0.1.2-1.1.20060mlcs4.i586.rpm
 7d3dddddbad29db356b97dc77f720c0a  corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.1.20060mlcs4.i586.rpm
 9b2bc33430ac70a2c24eab9f2afee0c2  corporate/4.0/i586/libsamplerate-progs-0.1.2-1.1.20060mlcs4.i586.rpm 
 83cdd1d3349f1017c4c92cb6ee0fb636  corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ffbc6a9d6d3403a52ca5cbe3c4a3495d  corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.1.20060mlcs4.x86_64.rpm
 991dd38ed664577613f6a55da77eaa29  corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.1.20060mlcs4.x86_64.rpm
 92d88adbf9d580a772b702f33cf8d027  corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.1.20060mlcs4.x86_64.rpm 
 83cdd1d3349f1017c4c92cb6ee0fb636  corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.