  • [SECURITY] [DSA 1742-1] New libsnd packages fix arbitrary code executio

    From Nico Golde@1:229/2 to All on Mon Mar 16 01:50:07 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1742-1                    [email protected]
    http://www.debian.org/security/                               Nico Golde
    March 16th, 2009                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------

    Package : libsndfile
    Vulnerability : integer overflow
    Problem type : local
    Debian-specific: no
    CVE ID : CVE-2009-0186
    Debian Bug : none
    BugTraq ID : 33963


    Alan Rad Pop discovered that libsndfile, a library to read and write
    sampled audio data, is prone to an integer overflow. This causes a
    heap-based buffer overflow when processing crafted CAF description
    chunks possibly leading to arbitrary code execution.


    For the oldstable distribution (etch) this problem has been fixed in
    version 1.0.16-2+etch1.

    For the stable distribution (lenny) this problem has been fixed in
    version 1.0.17-4+lenny1.

    For the unstable distribution (sid) this problem has been fixed in
    version 1.0.19-1.

    We recommend that you upgrade your libsndfile packages.


    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------

    Debian (oldstable)
    - ------------------

    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
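
The bug class the advisory names, an integer overflow in a size computation that leaves a heap buffer too small for the data copied into it, shown here as an added example; it is not libsndfile's code and not part of the advisory. The record layout, `RECORD_SIZE`, the function names and the sample count are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disk record size; NOT the CAF description chunk layout. */
#define RECORD_SIZE 16u

/* Unchecked 32-bit size computation: the product wraps modulo 2^32, so a
 * huge record count can yield a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * RECORD_SIZE;
}

/* Checked form: rejects a product that overflows size_t and a count the
 * remaining input cannot hold. Returns 0 on success, -1 otherwise. */
int alloc_size_checked(uint32_t count, size_t bytes_left, size_t *out)
{
    if (count > SIZE_MAX / RECORD_SIZE)
        return -1;
    size_t need = (size_t)count * RECORD_SIZE;
    if (need > bytes_left)
        return -1;
    *out = need;
    return 0;
}

/* Hardened reader: copies `count` records into a new heap buffer, or
 * returns NULL when the declared count is not credible. */
uint8_t *read_records(const uint8_t *data, size_t len, uint32_t count, size_t *out_len)
{
    size_t need;
    if (alloc_size_checked(count, len, &need) != 0)
        return NULL;
    uint8_t *buf = malloc(need ? need : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, need);
    *out_len = need;
    return buf;
}

int main(void)
{
    uint32_t count = 0x10000001u; /* constructed sample value */
    size_t need;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(count));
    printf("checked: %s\n", alloc_size_checked(count, 64, &need) ? "rejected" : "accepted");
    return 0;
}
```

A parser that allocates from the unchecked size and then loops over the declared count writes past the end of the allocation; the checked form refuses the chunk before any memory is allocated.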