Pardus: 2011-103: libsndfile: Arbitrary Code
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in libsndfile.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-103           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-04
      Type: Remote
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in libsndfile.


Description
==========
CVE-2011-2696:

Integer overflow in libsndfile before 1.0.25 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers
a heap-based buffer overflow.


Affected packages:

  Pardus 2009:
    libsndfile, all before 1.0.25-12-9


Resolution
=========
There are update(s) for libsndfile. You can update them via Package
Manager or with a single command from the console:

    pisi up libsndfile

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id724

------------------------------------------------------------------------