Summary
The remote host is missing an update to libsndfile announced via advisory MDVSA-2009:132-1.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:132-1
Insight
Multiple vulnerabilities has been found and corrected in libsndfile:
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value (CVE-2009-1788).
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value (CVE-2009-1791).
This update provides fixes for these vulnerabilities.
Update:
Packages for 2008.0 are being provided due to extended support for Corporate products.
Affected: 2008.0
Severity
Classification
-
CVE CVE-2009-1788, CVE-2009-1791 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities