Advisories » MGASA-2015-0015

Updated libsndfile packages fix CVE-2014-9496

Publication date: 08 Jan 2015
Modification date: 08 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9496

Description

Updated libsndfile packages fix security vulnerabilities:

libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c
because it fails to properly bounds-check user supplied input, which may
allow an attacker to execute arbitrary code or cause a denial of service
(CVE-2014-9496).

libsndfile contains a divide-by-zero error in src/file_io.c which may allow
an attacker to cause a denial of service.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14961
• http://openwall.com/lists/oss-security/2014/12/24/3
• http://openwall.com/lists/oss-security/2015/01/04/4
• http://www.securityfocus.com/bid/71796
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496

SRPMS

4/core

• libsndfile-1.0.25-3.1.mga4