Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Mandriva Security Update Fixes libcdaudio Buffer Overflow Vulnerabilities

Title : Mandriva Security Update Fixes libcdaudio Buffer Overflow Vulnerabilities
VUPEN ID : VUPEN/ADV-2008-3210
CVE ID : CVE-2005-0706 - CVE-2008-5030
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-11-21

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to compromise a vulnerable system. These issues are caused by errors in libcdaudio. For additional information, see : VUPEN/ADV-2008-3133 - VUPEN/ADV-2008-3200

Affected Products

Mandriva Linux 2008.1
Mandriva Linux 2009.0
Mandriva Linux 3.0

Solution

Upgrade the affected packages :

Mandriva Linux 2008.1:
6978cf6d84f22686062d62b45863f81f 2008.1/i586/libcdaudio1-0.99.12-5.1mdv2008.1.i586.rpm
126a243d197bf8d847597357546dfc58 2008.1/i586/libcdaudio1-devel-0.99.12-5.1mdv2008.1.i586.rpm
3dd42d183a63a921ec56b129b86f3f02 2008.1/SRPMS/libcdaudio-0.99.12-5.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
76ca25627276138014833e61a8fe6c4e 2008.1/x86_64/lib64cdaudio1-0.99.12-5.1mdv2008.1.x86_64.rpm
87e8e0c3d0179573ca8c61295a228bed 2008.1/x86_64/lib64cdaudio1-devel-0.99.12-5.1mdv2008.1.x86_64.rpm
3dd42d183a63a921ec56b129b86f3f02 2008.1/SRPMS/libcdaudio-0.99.12-5.1mdv2008.1.src.rpm

Mandriva Linux 2009.0:
48351a32506f711f934042c5d6f123d7 2009.0/i586/libcdaudio1-0.99.12-6.1mdv2009.0.i586.rpm
f3df7e51ad855e834c0a37ef4113a6dd 2009.0/i586/libcdaudio1-devel-0.99.12-6.1mdv2009.0.i586.rpm
72653605f19d2365a7c440d21044969a 2009.0/SRPMS/libcdaudio-0.99.12-6.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
b2d85ef8098faccc154309fba1a8214c 2009.0/x86_64/lib64cdaudio1-0.99.12-6.1mdv2009.0.x86_64.rpm
8c4d1001de404c10a4f11788955b2ab9 2009.0/x86_64/lib64cdaudio1-devel-0.99.12-6.1mdv2009.0.x86_64.rpm
72653605f19d2365a7c440d21044969a 2009.0/SRPMS/libcdaudio-0.99.12-6.1mdv2009.0.src.rpm

Corporate 3.0:
93eee111cae34c40cbf8c82477874919 corporate/3.0/i586/libcdaudio1-0.99.9-1.2.C30mdk.i586.rpm
d3ab78c3ae2d85be72b044918b6938b2 corporate/3.0/i586/libcdaudio1-devel-0.99.9-1.2.C30mdk.i586.rpm
ff91319a5e9298e220ca7ca356dbd4a4 corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
87a069d1a5c43fa936e431ad148b45a5 corporate/3.0/x86_64/libcdaudio1-0.99.9-1.2.C30mdk.x86_64.rpm
4e4bfc437a44bfad8837c8d2e1f8cfe5 corporate/3.0/x86_64/libcdaudio1-devel-0.99.9-1.2.C30mdk.x86_64.rpm
ff91319a5e9298e220ca7ca356dbd4a4 corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.2.C30mdk.src.rpm

References

http://www.vupen.com/english/advisories/2008/3210
http://lists.mandriva.com/security-announce/2008-11/msg00023.php

ChangeLog

2008-11-21 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy