LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2011-103 (libsndfile)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2011-103] libsndfile: Arbitrary Code
	Execution 


Date:
    	      Thu, 4 Aug 2011 14:29:03 +0300


Message-ID:
    	      <201108041429.03476.meltem@pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-103           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-04
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in libsndfile. 


Description
===========

CVE-2011-2696: 

Integer overflow in libsndfile before 1.0.25 allows remote attackers to 
cause a denial of  service  (application  crash)  or  possibly  execute 
arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers
a heap-based buffer overflow. 


Affected packages:

  Pardus 2009:
    libsndfile, all before 1.0.25-12-9


Resolution
==========

There are update(s) for libsndfile. You can  update  them  via  Package 
Manager or with a single command from console: 

    pisi up libsndfile

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18724

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds