Mandriva Linux Security Advisory 2009-232 - A security vulnerability has been identified and fixed in libsamplerate. Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected. This update provides a solution to this vulnerability.
1c0b306e55ccbf49d474cf47f1400104caf0be94c944b7ccb3fb6c9738b7e3a9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:232
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libsamplerate
Date : September 11, 2009
Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A security vulnerability has been identified and fixed in
libsamplerate:
Lev Givon discovered a buffer overflow in libsamplerate that could
lead to a segfault with specially crafted python code. This problem has
been fixed with libsamplerate-0.1.7 but older versions are affected.
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
https://qa.mandriva.com/47888
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
68b6b761ad6f8c5144380adf7e670a20 2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
c4048627b6cd47ecc36798e3b95291f8 2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
8b021bc53c012b993a55b702ca5d4ef3 2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm
6fc83bb69d28e02bb4676ac8c822bf4c 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
c912e011f54a3f43adf7592e3f79159c 2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
52245d2684de49d0c42b127ed25770d3 2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
e009822b488278ce524c98ccd0f4d9e3 2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm
6fc83bb69d28e02bb4676ac8c822bf4c 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
00c1eddd0f7027881d61c9810c8a7b9e 2009.0/i586/libsamplerate0-0.1.4-1.1mdv2009.0.i586.rpm
aaa8cb9975747da1fdfde6232ccf59a4 2009.0/i586/libsamplerate-devel-0.1.4-1.1mdv2009.0.i586.rpm
1ac80dd7e709814263e5b9aeaa398b90 2009.0/i586/libsamplerate-progs-0.1.4-1.1mdv2009.0.i586.rpm
440cca6113286912ad26389751846488 2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
742aed975be2108101d544e4af10051f 2009.0/x86_64/lib64samplerate0-0.1.4-1.1mdv2009.0.x86_64.rpm
01273f68c2bd71058c17dc130e7995da 2009.0/x86_64/lib64samplerate-devel-0.1.4-1.1mdv2009.0.x86_64.rpm
934924f0f55c61bd7328316994594132 2009.0/x86_64/libsamplerate-progs-0.1.4-1.1mdv2009.0.x86_64.rpm
440cca6113286912ad26389751846488 2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm
Corporate 3.0:
90a843449a9077e3de0daa6bffd9a5d2 corporate/3.0/i586/libsamplerate0-0.0.15-2.2.C30mdk.i586.rpm
575111d361dc0886f1788fab9a55bc2a corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.2.C30mdk.i586.rpm
17c39e53f9c74b7f161008a8ea205630 corporate/3.0/i586/libsamplerate-progs-0.0.15-2.2.C30mdk.i586.rpm
f9b91945c60e160f9a44e3d6e8265930 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
502ef117b448d385d61ba74676118bb1 corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.2.C30mdk.x86_64.rpm
bf8a35fbb19b14fb8a180e15263da664 corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.2.C30mdk.x86_64.rpm
32e670174dbf0e76ce55b30af497d076 corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.2.C30mdk.x86_64.rpm
f9b91945c60e160f9a44e3d6e8265930 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm
Corporate 4.0:
5911901b6500278924e683527389dff7 corporate/4.0/i586/libsamplerate0-0.1.2-1.2.20060mlcs4.i586.rpm
020f7a51ac2dfc9100519ac17f3ad9c1 corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.2.20060mlcs4.i586.rpm
3bcce103dbed501d68e83e1513de4fb7 corporate/4.0/i586/libsamplerate-progs-0.1.2-1.2.20060mlcs4.i586.rpm
9ed1ef514bb0ba8882604a438c3a2b6c corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ff73bdbc43ef5dab21be04dce86c96ec corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.2.20060mlcs4.x86_64.rpm
81c6d68db92c9121fdc71a07738d49d1 corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.2.20060mlcs4.x86_64.rpm
198206469146f0f5438c2a4d0fdbe651 corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.2.20060mlcs4.x86_64.rpm
9ed1ef514bb0ba8882604a438c3a2b6c corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKqoLwmqjQ0CJFipgRApxoAJ9MLgPhPp4Wgm4vqZMNVZZggJlWOACgp6DH
Sp5KoJri+ssPAeLg354oFyc=
=6ODM
-----END PGP SIGNATURE-----