LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Subject: [Security Announce] [ MDVSA-2009:232 ] libsamplerate Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A security vulnerability has been identified and fixed in libsamplerate: Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected. This update provides a solution to this vulnerability.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:232
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsamplerate
 Date    : September 11, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in
 libsamplerate:
 
 Lev Givon discovered a buffer overflow in libsamplerate that could
 lead to a segfault with specially crafted python code. This problem has
 been fixed with libsamplerate-0.1.7 but older versions are affected.
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 https://qa.mandriva.com/47888
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 68b6b761ad6f8c5144380adf7e670a20  2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
 c4048627b6cd47ecc36798e3b95291f8  2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
 8b021bc53c012b993a55b702ca5d4ef3  2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm 
 6fc83bb69d28e02bb4676ac8c822bf4c  2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 c912e011f54a3f43adf7592e3f79159c  2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
 52245d2684de49d0c42b127ed25770d3  2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
 e009822b488278ce524c98ccd0f4d9e3  2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm 
 6fc83bb69d28e02bb4676ac8c822bf4c  2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 00c1eddd0f7027881d61c9810c8a7b9e  2009.0/i586/libsamplerate0-0.1.4-1.1mdv2009.0.i586.rpm
 aaa8cb9975747da1fdfde6232ccf59a4  2009.0/i586/libsamplerate-devel-0.1.4-1.1mdv2009.0.i586.rpm
 1ac80dd7e709814263e5b9aeaa398b90  2009.0/i586/libsamplerate-progs-0.1.4-1.1mdv2009.0.i586.rpm 
 440cca6113286912ad26389751846488  2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 742aed975be2108101d544e4af10051f  2009.0/x86_64/lib64samplerate0-0.1.4-1.1mdv2009.0.x86_64.rpm
 01273f68c2bd71058c17dc130e7995da  2009.0/x86_64/lib64samplerate-devel-0.1.4-1.1mdv2009.0.x86_64.rpm
 934924f0f55c61bd7328316994594132  2009.0/x86_64/libsamplerate-progs-0.1.4-1.1mdv2009.0.x86_64.rpm 
 440cca6113286912ad26389751846488  2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm

 Corporate 3.0:
 90a843449a9077e3de0daa6bffd9a5d2  corporate/3.0/i586/libsamplerate0-0.0.15-2.2.C30mdk.i586.rpm
 575111d361dc0886f1788fab9a55bc2a  corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.2.C30mdk.i586.rpm
 17c39e53f9c74b7f161008a8ea205630  corporate/3.0/i586/libsamplerate-progs-0.0.15-2.2.C30mdk.i586.rpm 
 f9b91945c60e160f9a44e3d6e8265930  corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 502ef117b448d385d61ba74676118bb1  corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.2.C30mdk.x86_64.rpm
 bf8a35fbb19b14fb8a180e15263da664  corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.2.C30mdk.x86_64.rpm
 32e670174dbf0e76ce55b30af497d076  corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.2.C30mdk.x86_64.rpm 
 f9b91945c60e160f9a44e3d6e8265930  corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm

 Corporate 4.0:
 5911901b6500278924e683527389dff7  corporate/4.0/i586/libsamplerate0-0.1.2-1.2.20060mlcs4.i586.rpm
 020f7a51ac2dfc9100519ac17f3ad9c1  corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.2.20060mlcs4.i586.rpm
 3bcce103dbed501d68e83e1513de4fb7  corporate/4.0/i586/libsamplerate-progs-0.1.2-1.2.20060mlcs4.i586.rpm 
 9ed1ef514bb0ba8882604a438c3a2b6c  corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ff73bdbc43ef5dab21be04dce86c96ec  corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.2.20060mlcs4.x86_64.rpm
 81c6d68db92c9121fdc71a07738d49d1  corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.2.20060mlcs4.x86_64.rpm
 198206469146f0f5438c2a4d0fdbe651  corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.2.20060mlcs4.x86_64.rpm 
 9ed1ef514bb0ba8882604a438c3a2b6c  corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.