Get the LinuxSecurity news you want faster with RSS
Powered By
Pardus: Libsndfile: Multiple
Posted by Benjamin D. Thomas
exploited by malicious people to cause a DoS (Denial of Service).
--============== 21942281=Content-Type: multipart/alternative; boundary�504502e501079e4f046b6b7d22
--00504502e501079e4f046b6b7d22
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-85 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-06-03
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
======
Some vulnerabilities have been discovered in libsndfile, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Description
==========
The vulnerabilities are caused due to errors in the "htk_read_header()",
"alaw_init()", "ulaw_init()", "pcm_init()", "float32_init()", and
"sds_read_header()" functions. These can be exploited to cause divisions
by zero via specially crafted audio data.
Affected packages:
Pardus 2008:
libsndfile, all before 1.0.17-8-4
Resolution
=========
There are update(s) for libsndfile. You can update them via Package
Manager or with a single command from console:
pisi up libsndfile
References
=========
* http://bugs.pardus.org.tr/show_bug.cgi?id˜45
* http://secunia.com/advisories/35266/2/
