Oval Definition:oval:com.redhat.rhsa:def:20111084
Revision Date:2011-07-20Version:640
Title:RHSA-2011:1084: libsndfile security update (Moderate)
Description:The libsndfile packages provide a library for reading and writing sound files.

  • An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format (PAF) audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2696)

    Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-2696
    CVE-2011-2696
    RHSA-2011:1084
    RHSA-2011:1084-01
    RHSA-2011:1084-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libsndfile is earlier than 0:1.0.20-3.el6_1.1
  • AND libsndfile is signed with Red Hat redhatrelease2 key
  • libsndfile-devel is earlier than 0:1.0.20-3.el6_1.1
  • AND libsndfile-devel is signed with Red Hat redhatrelease2 key
    • BACK