Patch stops integer overflow in libsnd packages
Written by Rebecca Mints
Tuesday, 17 March 2009 00:44
Security specialist Debian today released its Bugtraq advisory on the libsndfile vulnerability that causes an integer overflow. It reported that the flaws in all versions of the libsnd packages can be fixed through updates now available on the Debian website at www.debian.org/pools/updates. Alan Rad Pop of the Debian security organization recently discovered that libsndfile is prone to an integer overflow. The library is used to read and write sampled audio data. Debian noted that the vulnerability causes a heap-based buffer overflow when processing crafted CAF description chunks. "This could possibly lead to arbitrary code execution," it added. Users who frequently rely on libsndfile to read audio data are advised to get the upgrade. Stable and oldstable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.