Summary
The remote host is missing an update to libsndfile announced via advisory FEDORA-2009-11499.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update libsndfile' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11499
Insight
Update Information:
Version 1.0.20 (2009-03-14)
* Fix potential heap overflow in VOC file parser
(Tobias Klein, http://www.trapkit.de/).
Version 1.0.19 (2009-03-02)
* Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research).
* Huge number of minor bug fixes as a result of static analysis.
Version 1.0.18 (2009-02-07)
* Add Ogg/Vorbis support (thanks to John ffitch).
* Remove captive FLAC library.
* Many new features and bug fixes.
ChangeLog:
* Sat Nov 14 2009 Orcan Ogetbil - 1.0.20-3
- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel) - Make build verbose
- Remove rpath
- Fix ChangeLog encoding
- Move the big Changelog to the devel package
References
Severity
Classification
-
CVE CVE-2009-0186, CVE-2009-1788, CVE-2009-1791 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities