<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:238 ] libsamplerate



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:238
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libsamplerate
 Date    : December 4, 2008
 Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A buffer overflow was found by Russell O'Conner in the libsamplerate
 library versions prior to 0.1.4 that could possibly lead to the
 execution of arbitrary code via a specially crafted audio file
 (CVE-2008-5008).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 9a9cc1fbac25741ad38e914c98d90826  
2008.0/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
 294117b4e81f6d38553faf47b0d0b561  
2008.0/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm
 695ab47e44749f3f0a6df321992f6064  
2008.0/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.i586.rpm 
 4068b67bd67786501ddc388824763a19  
2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 24a792941fa5fbff89764b724923a616  
2008.0/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
 c1ac9d056ca38c36658158fec3ee3f31  
2008.0/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm
 dcdffc679e6af71864d8cdb78e335df8  
2008.0/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.0.x86_64.rpm 
 4068b67bd67786501ddc388824763a19  
2008.0/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 f44c5b4f55bbe4ad946f46456dce4745  
2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
 18a7016e5da1f0f37c3cde4222703f87  
2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm
 6064159a6a594c006d16c42d29cfd240  
2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.i586.rpm 
 32697b41d7fd390e91b4d4dbeacc0db2  
2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 6497eadf29decebda33422f431a83d45  
2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
 2df7b9d3f1656f728667e68569cfc8af  
2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm
 b9c0276018ac620bbcd68f998b4daeac  
2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.1mdv2008.1.x86_64.rpm 
 32697b41d7fd390e91b4d4dbeacc0db2  
2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.1mdv2008.1.src.rpm

 Corporate 3.0:
 91ef6d6952ac4d845f4ed16b74117d8d  
corporate/3.0/i586/libsamplerate0-0.0.15-2.1.C30mdk.i586.rpm
 7d1aef25a43863e4a7d89fd559312b29  
corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.1.C30mdk.i586.rpm
 e3d9b6a0c2d32d36bd55b3d2b9ff8fa7  
corporate/3.0/i586/libsamplerate-progs-0.0.15-2.1.C30mdk.i586.rpm 
 67cdb6d349097d08925e2c4cb86d1fe6  
corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3efec8fbd1ea1fd00f9eea336afd5798  
corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.1.C30mdk.x86_64.rpm
 5783d23a1019bed054e713b94c5ad989  
corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.1.C30mdk.x86_64.rpm
 f970ddd128def98252bc4090f576f4ec  
corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.1.C30mdk.x86_64.rpm 
 67cdb6d349097d08925e2c4cb86d1fe6  
corporate/3.0/SRPMS/libsamplerate-0.0.15-2.1.C30mdk.src.rpm

 Corporate 4.0:
 0a2d27263f81d8304028bccadb5142af  
corporate/4.0/i586/libsamplerate0-0.1.2-1.1.20060mlcs4.i586.rpm
 7d3dddddbad29db356b97dc77f720c0a  
corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.1.20060mlcs4.i586.rpm
 9b2bc33430ac70a2c24eab9f2afee0c2  
corporate/4.0/i586/libsamplerate-progs-0.1.2-1.1.20060mlcs4.i586.rpm 
 83cdd1d3349f1017c4c92cb6ee0fb636  
corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ffbc6a9d6d3403a52ca5cbe3c4a3495d  
corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.1.20060mlcs4.x86_64.rpm
 991dd38ed664577613f6a55da77eaa29  
corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.1.20060mlcs4.x86_64.rpm
 92d88adbf9d580a772b702f33cf8d027  
corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.1.20060mlcs4.x86_64.rpm 
 83cdd1d3349f1017c4c92cb6ee0fb636  
corporate/4.0/SRPMS/libsamplerate-0.1.2-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJOFc0mqjQ0CJFipgRAjweAKDVUt2pCqRSgKnXlJI0gJoSgbuXBACeMk6+
SxoIyNyLtbDX6XnTUTazqts=
=Kbrk
-----END PGP SIGNATURE-----