Bug 502657 (CVE-2009-1788)
Summary: | CVE-2009-1788 libsndfile VOC file heap based buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | andreas, jlieskov, mhlavink, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1788 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-23 15:38:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 502659, 502660, 502661, 664600 | ||
Bug Blocks: |
Description
Josh Bressers
2009-05-26 19:23:05 UTC
*** Bug 501053 has been marked as a duplicate of this bug. *** Link to original Tobias Klein's advisory: http://trapkit.de/advisories/TKADV2009-006.txt Issue was fixed upstream in 1.0.20: http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html Upstream also created patches for few recent versions (1.0.15 - 1.0.19). libsndfile-1.0.20-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. libsndfile-1.0.20-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. This is already fixed in all releases, what is it NEW then ? EPEL-5 has libsndfile-1.0.17-2.el5. This is still not fixed in EPEL5 (1.0.17-3.el5), yet it was updated recently: * Thu Jul 08 2010 Michel Salim <salimma> - 1.0.17-3 - Fix for channel per frame overflow (CVE-2009-0186, #488364) Will this be fixed in EPEL5? Bui(In reply to comment #8) > Will this be fixed in EPEL5? Building right now. Thanks for asking, without it I won't know about this bug (this bug was filled before I became co-maintainer and is not filled directly against libsndfile, so I did not know this bug existed). Thanks much for taking care of it! I see that libsndfile-1.0.17-4.el5 was submitted for EPEL5. Closing, with many thanks! |