[ MDVSA-2015:149 ] libsndfile

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:149
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libsndfile packages fix security vulnerabilities:
 
 libsndfile contains multiple buffer-overflow vulnerabilities in
 src/sd2.c because it fails to properly bounds-check user supplied
 input, which may allow an attacker to execute arbitrary code or cause
 a denial of service (CVE-2014-9496).
 
 libsndfile contains a divide-by-zero error in src/file_io.c which
 may allow an attacker to cause a denial of service.
 _______________________________________________________________________

 References:

 http://cve.mitre.org

Leave a Reply