
Security: Execution of arbitrary commands in flac
Name: Execution of arbitrary commands in flac
ID: MDKSA-2007:214
Distribution: Mandriva
Platforms: Mandriva Corporate 3.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Date: Fri, 9 November 2007, 01:18
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619
Applications: FLAC

Original message


_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:214
http://www.mandriva.com/security/
_______________________________________________________________________

Package : flac
Date : November 8, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A security vulnerability was discovered in how flac processed audio
data. An attacker could create a carefully crafted FLAC audio file
that could cause an application linked against the flac libraries to
crash or execute arbitrary code when opened.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4619
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


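Added example, not part of the Mandriva advisory or of this page: a checker for packages fetched by hand instead of through MandrivaUpdate or urpmi, which parses "md5 path" checksum lines as advisories of this kind publish them (including the form where mail wrapping moved the path onto the next line) and compares them with local files. All names, paths and checksums in it are constructed. A matching MD5 only shows the file is the one listed; the package's GPG signature (rpm --checksig, with the key obtained as described above) remains the authenticity check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_RE = re.compile(r"[0-9a-f]{32}")

def parse_manifest(text):
    """Return {path: md5}; accepts 'md5 path' and the wrapped two-line form."""
    entries, pending = {}, None
    for line in text.splitlines():
        parts = line.split()
        if parts and len(parts) <= 2 and MD5_RE.fullmatch(parts[0]):
            if len(parts) == 2:
                entries[parts[1]], pending = parts[0], None
            else:
                pending = parts[0]        # path expected on the next line
        elif pending and len(parts) == 1 and parts[0].endswith(".rpm"):
            entries[parts[0]], pending = pending, None
        else:
            pending = None                # heading, blank line or other text
    return entries

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify(manifest, root):
    """Classify each listed path as ok, mismatch, missing or rejected."""
    results = {}
    for rel, expected in manifest.items():
        target = Path(root) / rel
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            results[rel] = "rejected"     # never read outside the download root
        elif not target.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(target) == expected else "mismatch"
    return results

def demo():
    # Constructed sample: names, contents and checksums are made up.
    with tempfile.TemporaryDirectory() as root:
        good = Path(root, "x/i586/example-1.0.i586.rpm")
        good.parent.mkdir(parents=True)
        good.write_bytes(b"constructed package body")
        good.with_name("example-devel-1.0.i586.rpm").write_bytes(b"altered")
        listing = (f"Example 1.0:\n{md5_of(good)}\nx/i586/example-1.0.i586.rpm\n"
                   f"{'0' * 32} x/i586/example-devel-1.0.i586.rpm\n"
                   f"{'1' * 32} x/SRPMS/example-1.0.src.rpm\n{'2' * 32} ../out.rpm\n")
        return verify(parse_manifest(listing), root)
```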