Spring navigering over

• Om Debian
• Nyheder
• Få fat i Debian
• Support
• Udviklerhjørnet
• Sideoversigt
• Søg

Debians sikkerhedsbulletin

DSA-1814-1 libsndfile -- heap-baseret bufferoverløb

Rapporteret den:

13. jun 2009

Berørte pakker:

libsndfile

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 528650.
I Mitres CVE-ordbog: CVE-2009-1788, CVE-2009-1791.

Yderligere oplysninger:

To sårbarheder er opdaget i libsndfile, et bibliotek til læsning og skrivning af samplede lyddata. Projektet Common Vulnerabilities and Exposures har registreret følgende problemer:

• CVE-2009-1788

  Tobias Klein opdagede at VOC-fortolkningsrutinerne var ramt af et heap-baseret bufferoverløb, hvilket kunne udløses af en angriber gennem en fabrikeret VOC-header.

• CVE-2009-1791

  Forhandleren opdagede at AIFF-fortolkningsrutinerne var ramt af et heap-baseret bufferoverløb svarende til CVE-2009-1788, der kunne udløses af en angriber gennem en fabrikeret AIFF-header.

I begge tilfælde er de overløbende data ikke fuldstændigt kontrollerede af angriberen, men fører stadig til at applikationen går ned, eller under visse omstændigheder kan det måske stadig føre til udførelse af vilkårlig kode.

I den gamle stabile distribution (etch), er dette problem rettet i version 1.0.16-2+etch2.

I den stabile distribution (lenny), er dette problem rettet i version 1.0.17-4+lenny2.

I distributionen testing (squeeze), vil dette problem snart blive rettet.

I den ustabile distribution (sid), er dette problem rettet i version 1.0.20-1.

Vi anbefaler at du opgraderer dine libsndfile-pakker.

Rettet i:

Debian GNU/Linux 4.0 (etch)

Kildekode:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch2.dsc

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch2.diff.gz

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_alpha.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_alpha.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_amd64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_amd64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_amd64.deb

HP Precision:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_hppa.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_hppa.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_hppa.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_i386.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_i386.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_ia64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_ia64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_ia64.deb

Big-endian MIPS:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_mips.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_mips.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_mips.deb

Little-endian MIPS:

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_mipsel.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_mipsel.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_powerpc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_powerpc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_s390.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_s390.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_sparc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_sparc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Kildekode:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny2.dsc

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny2.diff.gz

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_alpha.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_alpha.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_amd64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_amd64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_amd64.deb

ARM:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_arm.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_arm.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_arm.deb

ARM EABI:

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_armel.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_armel.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_armel.deb

HP Precision:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_hppa.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_hppa.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_hppa.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_i386.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_i386.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_ia64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_ia64.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_ia64.deb

Big-endian MIPS:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_mips.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_mips.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_mips.deb

Little-endian MIPS:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_mipsel.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_mipsel.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_powerpc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_powerpc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_s390.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_s390.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_sparc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_sparc.deb

http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

English 日本語 (Nihongo) svenska

Sådan opsætter du standardsprogvalg for dokumenter