-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:232 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libsamplerate Date : September 11, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A security vulnerability has been identified and fixed in libsamplerate: Lev Givon discovered a buffer overflow in libsamplerate that could lead to a segfault with specially crafted python code. This problem has been fixed with libsamplerate-0.1.7 but older versions are affected. This update provides a solution to this vulnerability. _______________________________________________________________________ References: https://qa.mandriva.com/47888 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 68b6b761ad6f8c5144380adf7e670a20 2008.1/i586/libsamplerate0-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm c4048627b6cd47ecc36798e3b95291f8 2008.1/i586/libsamplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm 8b021bc53c012b993a55b702ca5d4ef3 2008.1/i586/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.i586.rpm 6fc83bb69d28e02bb4676ac8c822bf4c 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: c912e011f54a3f43adf7592e3f79159c 2008.1/x86_64/lib64samplerate0-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm 52245d2684de49d0c42b127ed25770d3 2008.1/x86_64/lib64samplerate-devel-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm e009822b488278ce524c98ccd0f4d9e3 2008.1/x86_64/libsamplerate-progs-0.1.3-0.pre6.3.2mdv2008.1.x86_64.rpm 6fc83bb69d28e02bb4676ac8c822bf4c 2008.1/SRPMS/libsamplerate-0.1.3-0.pre6.3.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 00c1eddd0f7027881d61c9810c8a7b9e 2009.0/i586/libsamplerate0-0.1.4-1.1mdv2009.0.i586.rpm aaa8cb9975747da1fdfde6232ccf59a4 2009.0/i586/libsamplerate-devel-0.1.4-1.1mdv2009.0.i586.rpm 1ac80dd7e709814263e5b9aeaa398b90 2009.0/i586/libsamplerate-progs-0.1.4-1.1mdv2009.0.i586.rpm 440cca6113286912ad26389751846488 2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 742aed975be2108101d544e4af10051f 2009.0/x86_64/lib64samplerate0-0.1.4-1.1mdv2009.0.x86_64.rpm 01273f68c2bd71058c17dc130e7995da 2009.0/x86_64/lib64samplerate-devel-0.1.4-1.1mdv2009.0.x86_64.rpm 934924f0f55c61bd7328316994594132 2009.0/x86_64/libsamplerate-progs-0.1.4-1.1mdv2009.0.x86_64.rpm 440cca6113286912ad26389751846488 2009.0/SRPMS/libsamplerate-0.1.4-1.1mdv2009.0.src.rpm Corporate 3.0: 90a843449a9077e3de0daa6bffd9a5d2 corporate/3.0/i586/libsamplerate0-0.0.15-2.2.C30mdk.i586.rpm 575111d361dc0886f1788fab9a55bc2a corporate/3.0/i586/libsamplerate0-devel-0.0.15-2.2.C30mdk.i586.rpm 17c39e53f9c74b7f161008a8ea205630 corporate/3.0/i586/libsamplerate-progs-0.0.15-2.2.C30mdk.i586.rpm f9b91945c60e160f9a44e3d6e8265930 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm Corporate 3.0/X86_64: 502ef117b448d385d61ba74676118bb1 corporate/3.0/x86_64/lib64samplerate0-0.0.15-2.2.C30mdk.x86_64.rpm bf8a35fbb19b14fb8a180e15263da664 corporate/3.0/x86_64/lib64samplerate0-devel-0.0.15-2.2.C30mdk.x86_64.rpm 32e670174dbf0e76ce55b30af497d076 corporate/3.0/x86_64/libsamplerate-progs-0.0.15-2.2.C30mdk.x86_64.rpm f9b91945c60e160f9a44e3d6e8265930 corporate/3.0/SRPMS/libsamplerate-0.0.15-2.2.C30mdk.src.rpm Corporate 4.0: 5911901b6500278924e683527389dff7 corporate/4.0/i586/libsamplerate0-0.1.2-1.2.20060mlcs4.i586.rpm 020f7a51ac2dfc9100519ac17f3ad9c1 corporate/4.0/i586/libsamplerate0-devel-0.1.2-1.2.20060mlcs4.i586.rpm 3bcce103dbed501d68e83e1513de4fb7 corporate/4.0/i586/libsamplerate-progs-0.1.2-1.2.20060mlcs4.i586.rpm 9ed1ef514bb0ba8882604a438c3a2b6c corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: ff73bdbc43ef5dab21be04dce86c96ec corporate/4.0/x86_64/lib64samplerate0-0.1.2-1.2.20060mlcs4.x86_64.rpm 81c6d68db92c9121fdc71a07738d49d1 corporate/4.0/x86_64/lib64samplerate0-devel-0.1.2-1.2.20060mlcs4.x86_64.rpm 198206469146f0f5438c2a4d0fdbe651 corporate/4.0/x86_64/libsamplerate-progs-0.1.2-1.2.20060mlcs4.x86_64.rpm 9ed1ef514bb0ba8882604a438c3a2b6c corporate/4.0/SRPMS/libsamplerate-0.1.2-1.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKqoLwmqjQ0CJFipgRApxoAJ9MLgPhPp4Wgm4vqZMNVZZggJlWOACgp6DH Sp5KoJri+ssPAeLg354oFyc= =6ODM -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
