"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1742-1 security@debian.org
http://www.debian.org/security/ Nico Golde
March 16th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : libsndfile
Vulnerability : integer overflow
Problem type : local
Debian-specific: no
CVE ID : CVE-2009-0186
Debian Bug : none
BugTraq ID : 33963
Alan Rad Pop discovered that libsndfile, a library to read and write
sampled audio data, is prone to an integer overflow. This causes a
heap-based buffer overflow when processing crafted CAF description
chunks possibly leading to arbitrary code execution.
For the oldstable distribution (etch) this problem has been fixed in
version 1.0.16-2+etch1.
For the stable distribution (lenny) this problem has been fixed in
version 1.0.17-4+lenny1.
For the unstable distribution (sid) this problem has been fixed in
version 1.0.19-1.
We recommend that you upgrade your libsndfile packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch1.dsc
Size/MD5 checksum: 659 2782d11c87eb6cdbcbb4757bdcba3582
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz
Size/MD5 checksum: 857117 773b6639672d39b6342030c7fd1e9719
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch1.diff.gz
Size/MD5 checksum: 5872 94c24295ef3f6461e417f7953e3df405
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_amd64.deb
Size/MD5 checksum: 322418 5590289019e10655b831451a93b10d43
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_amd64.deb
Size/MD5 checksum: 187326 a873f6260972d3f18bb5bfcefc355894
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_amd64.deb
Size/MD5 checksum: 70686 3cbb5bbe4f0af88cd8f33e5296427cc3
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_arm.deb
Size/MD5 checksum: 342342 d2f15699c1f3d6d3a5460385ea9b99b6
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_arm.deb
Size/MD5 checksum: 72166 e691a87d6803f4e877c12fdc7ba13e25
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_arm.deb
Size/MD5 checksum: 221378 b4843f23c1079a4a7ea0fc2324c680fc
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_hppa.deb
Size/MD5 checksum: 74914 1f96f0eee8d6a3eb34d24a433546fd57
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_hppa.deb
Size/MD5 checksum: 236094 ce6c840fbd31cd9d715c8525616ac54c
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_hppa.deb
Size/MD5 checksum: 373868 bef1859b9f1266093be1c95531351eff
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_i386.deb
Size/MD5 checksum: 320672 3ed0f57f391284d9d7cb0b3eb95d48fb
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_i386.deb
Size/MD5 checksum: 70872 818ad0f2460d4cc6d902809bb0d9bf4a
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_i386.deb
Size/MD5 checksum: 197906 eba6df6a2658f8b95ed31c38c3a3ef40
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_ia64.deb
Size/MD5 checksum: 270732 de8da4d9acfe054e5e1e9a9367d50cac
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_ia64.deb
Size/MD5 checksum: 75896 230edd89ad51fd4c4f064815f661b4c8
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_ia64.deb
Size/MD5 checksum: 416258 aecbfa75aae59f97ef88b98c805fe935
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_mips.deb
Size/MD5 checksum: 217258 a252e3e6dfa3a82429b1f0f614408f85
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_mips.deb
Size/MD5 checksum: 72898 15032de6be2605a07ddcc8c1534f26c9
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_mips.deb
Size/MD5 checksum: 374318 27cb3879cb552c881f9c52127bbe5670
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_mipsel.deb
Size/MD5 checksum: 72948 02486480aa641705aca406a7f8dd0ed8
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_mipsel.deb
Size/MD5 checksum: 216892 9c13d9332ad74db6a6a84cb018f333b0
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_mipsel.deb
Size/MD5 checksum: 373456 8cef61c9e296b2134c25245133a69884
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_powerpc.deb
Size/MD5 checksum: 207898 47b604aebf08ad004589587b6a977dbd
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_powerpc.deb
Size/MD5 checksum: 75942 98415fef5f56e16713c23c96a2e15445
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_powerpc.deb
Size/MD5 checksum: 346488 eacb480134790f9e39b1332e6e84e4ee
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_s390.deb
Size/MD5 checksum: 72940 c92ba36d5ec4b092a0f07e6db712de30
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_s390.deb
Size/MD5 checksum: 220998 a1489d9687ad8b804244a741fdd7cb35
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_s390.deb
Size/MD5 checksum: 346540 8f2784ab3ba80709ef6f00b84194fa2a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_sparc.deb
Size/MD5 checksum: 207890 7788155fa7338ac0c7ede3f3c8808e9e
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_sparc.deb
Size/MD5 checksum: 70836 ce42b9f5eaf08d484c4b136833575491
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_sparc.deb
Size/MD5 checksum: 338816 17c6a3b095be526617571a9a2631e762
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny1.diff.gz
Size/MD5 checksum: 9969 a06409102bd304eedb0bd6634bceefa1
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
Size/MD5 checksum: 819456 2d126c35448503f6dbe33934d9581f6b
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny1.dsc
Size/MD5 checksum: 1131 b44551174131c95a8cfae919907d3efa
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_amd64.deb
Size/MD5 checksum: 332902 bb2e2e44a1a399bf089481a9facc4e19
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_amd64.deb
Size/MD5 checksum: 73016 93aef598d40745fc4531955441223ab5
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_amd64.deb
Size/MD5 checksum: 191504 6b54a2e1a53d09464c4b65d258a5deb3
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_arm.deb
Size/MD5 checksum: 347414 6c52b00fc235e1ae0a47666f31c0b212
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_arm.deb
Size/MD5 checksum: 74216 708985007e2bb5a2426a268e6685950b
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_arm.deb
Size/MD5 checksum: 217154 9b070d74cf8f2f0386f21bb7808bf080
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_armel.deb
Size/MD5 checksum: 355992 e1c35063b71ec530cb04e78fd28cea0e
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_armel.deb
Size/MD5 checksum: 220856 4da3e1b0575f958ad80d111a8e50f604
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_armel.deb
Size/MD5 checksum: 76350 aa51f771719ec6015035ebe98007c2d5
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_hppa.deb
Size/MD5 checksum: 236450 094cc8743665a6514b4ff9bc24186d03
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_hppa.deb
Size/MD5 checksum: 378900 cf6fa563b615042fc8d506043dd227ac
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_hppa.deb
Size/MD5 checksum: 76788 d175a6e5bd172eca340ac85a2d18c645
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_i386.deb
Size/MD5 checksum: 72806 5860626d1af8814f8eee7162fb3d4ea0
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_i386.deb
Size/MD5 checksum: 196406 69991bf3467c31d730472b29c368dfef
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_i386.deb
Size/MD5 checksum: 326094 30572ad1df19e37d3d8cfc991f2835ca
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_ia64.deb
Size/MD5 checksum: 274480 924a7ae71b9a33be513a2ae3fd8f6d5c
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_ia64.deb
Size/MD5 checksum: 77656 e61068d4526fa2a6fa11723d6dd54d11
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_ia64.deb
Size/MD5 checksum: 430756 6674fe583f5bbe41eb796d4659ec8093
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_mips.deb
Size/MD5 checksum: 378808 7deca929594ab128abcffc66eb4394d0
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_mips.deb
Size/MD5 checksum: 215100 668818f04fe4ab74a43d6c8012b96912
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_mips.deb
Size/MD5 checksum: 74824 d06343d42dfd969c74ca9de2e805cc66
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_mipsel.deb
Size/MD5 checksum: 74832 ded63b4fd471a3043512f57ff80247a5
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_mipsel.deb
Size/MD5 checksum: 215256 777dc5b744908a615db38d6331184b17
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_mipsel.deb
Size/MD5 checksum: 379332 b137cbe97da0ae209f667020a001d041
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_s390.deb
Size/MD5 checksum: 219930 46c286135742fc81b8e912bc31152165
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_s390.deb
Size/MD5 checksum: 355566 76dfe36e9fd16c88b3c57aa57a07fba5
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_s390.deb
Size/MD5 checksum: 75106 9a01e6255f4898e572e8239ae00da738
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_sparc.deb
Size/MD5 checksum: 206230 e4e000f15013781e5c525ef86197ed27
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_sparc.deb
Size/MD5 checksum: 342738 387686095f690170b6339d3945e0b57f
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_sparc.deb
Size/MD5 checksum: 73494 78e59cb96a9dc8747c4bc0578853faa9
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm9oUgACgkQHYflSXNkfP/TcQCeJM5uqpejgBVL/091IAJiHk60
x2AAniu3noikDJRsrjXCtyFHvABP0Anb
=xRYd
-----END PGP SIGNATURE-----
"
‘American Idol’ selects 3 more finalists
(AP)
DSA 1739-1: New mldonkey packages fix information disclosure
Placido Domingo puts musical spin on pope’s poems
(AP)
This entry was posted
on 11:46 PM
.
Archives
-
▼
2009
(488)
-
▼
March
(44)
- DSA 1760-1: New openswan packages fix denial of se...
- USN-750-1: OpenSSL vulnerability
- USN-748-1: OpenJDK vulnerabilities
- DSA 1756-1: New xulrunner packages fix multiple vu...
- RHSA-2009:0373-01 Moderate: systemtap security update
- RHSA-2009:0397-01 Critical: firefox security update
- RHSA-2009:0295-01 Moderate: net-snmp security update
- DSA 1755-1: New systemtap packages fix local privi...
- GLSA 200903-39 pam_krb5: Privilege escalation
- RHSA-2009:0394-01 Critical: java-1.5.0-sun securit...
- RHSA-2009:0376-01 Critical: acroread security update
- GLSA 200903-38 Squid: Multiple Denial of Service ...
- DSA 1753-1: End-of-life announcement for Iceweasel...
- GLSA 200903-35 Muttprint: Insecure temporary file...
- DSA 1747-1: New glib2.0 packages fix arbitrary cod...
- DSA 1750-1: New libpng packages fix several vulner...
- DSA 1748-1: New libsoup packages fix arbitrary cod...
- GLSA 200903-34 Amarok: User-assisted execution of...
- RHSA-2009:0345-01 Moderate: ghostscript security u...
- USN-742-1: JasPer vulnerabilities
- DSA 1749-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:0341-01 Moderate: curl security update
- GLSA 200903-32 phpMyAdmin: Multiple vulnerabilities
- DSA 1744-1: New weechat packages fix denial of ser...
- GLSA 200903-29 BlueZ: Arbitrary code execution
- RHSA-2009:0355-01 Moderate: evolution and evolutio...
- USN-737-1: libsoup vulnerability
- DSA 1743-1: New libtk-img packages fix arbitrary c...
- DSA 1740-1: New yaws packages fix denial of service
- DSA 1741-1: New psi packages fix denial of service
- DSA 1742-1: New libsnd packages fix arbitrary code...
- GLSA 200903-25 Courier Authentication Library: SQ...
- USN-731-1: Apache vulnerabilities
- GLSA 200903-26 TMSNC: Execution of arbitrary code
- DSA 1738-1: New curl packages fix arbitrary file a...
- DSA 1739-1: New mldonkey packages fix information ...
- RHSA-2009:0331-01 Important: kernel security and b...
- GLSA 200903-21 cURL: Arbitrary file access
- GLSA 200903-23 Adobe Flash Player: Multiple vulne...
- DSA 1735-1: New znc packages fix privilege escalation
- USN-732-1: dash vulnerability
- DSA 1737-1: New wesnoth packages fix several vulne...
- Media player targets embedded Linux devices
- TI die-shrinks OMAP3
-
▼
March
(44)