Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:119 (libsndfile)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70030

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:119 (libsndfile)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to libsndfile
announced via advisory MDVSA-2011:119.

A vulnerability was discovered and corrected in libsndfile:

An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way the libsndfile library processed certain
Ensoniq PARIS Audio Format (PAF) audio files. An attacker could
create a specially-crafted PAF file that, when opened, could cause
an application using libsndfile to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2011-2696).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:119
http://secunia.com/advisories/45125/

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2696
BugTraq ID: 48644
http://www.securityfocus.com/bid/48644
Debian Security Information: DSA-2288 (Google Search)
http://www.debian.org/security/2011/dsa-2288
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:119
http://www.securelist.com/en/advisories/45125
http://www.openwall.com/lists/oss-security/2011/07/14/1
http://www.openwall.com/lists/oss-security/2011/07/14/2
http://www.openwall.com/lists/oss-security/2011/07/14/3
http://www.openwall.com/lists/oss-security/2011/07/14/4
http://www.openwall.com/lists/oss-security/2011/07/15/1
http://www.openwall.com/lists/oss-security/2011/07/15/3
http://www.openwall.com/lists/oss-security/2011/07/15/4
http://www.openwall.com/lists/oss-security/2011/07/18/1
http://www.redhat.com/support/errata/RHSA-2011-1084.html
http://secunia.com/advisories/45125
http://secunia.com/advisories/45351
http://secunia.com/advisories/45384
http://secunia.com/advisories/45388
http://secunia.com/advisories/45433
SuSE Security Announcement: openSUSE-SU-2011:0855 (Google Search)
https://hermes.opensuse.org/messages/10387521
http://www.ubuntu.com/usn/USN-1174-1

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70030
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:119 (libsndfile)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libsndfile announced via advisory MDVSA-2011:119. A vulnerability was discovered and corrected in libsndfile: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format (PAF) audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2011-2696). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:119 http://secunia.com/advisories/45125/ Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2696 BugTraq ID: 48644 http://www.securityfocus.com/bid/48644 Debian Security Information: DSA-2288 (Google Search) http://www.debian.org/security/2011/dsa-2288 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062955.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:119 http://www.securelist.com/en/advisories/45125 http://www.openwall.com/lists/oss-security/2011/07/14/1 http://www.openwall.com/lists/oss-security/2011/07/14/2 http://www.openwall.com/lists/oss-security/2011/07/14/3 http://www.openwall.com/lists/oss-security/2011/07/14/4 http://www.openwall.com/lists/oss-security/2011/07/15/1 http://www.openwall.com/lists/oss-security/2011/07/15/3 http://www.openwall.com/lists/oss-security/2011/07/15/4 http://www.openwall.com/lists/oss-security/2011/07/18/1 http://www.redhat.com/support/errata/RHSA-2011-1084.html http://secunia.com/advisories/45125 http://secunia.com/advisories/45351 http://secunia.com/advisories/45384 http://secunia.com/advisories/45388 http://secunia.com/advisories/45433 SuSE Security Announcement: openSUSE-SU-2011:0855 (Google Search) https://hermes.opensuse.org/messages/10387521 http://www.ubuntu.com/usn/USN-1174-1
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com