French Security Incident Response Team


Mandriva Security Update Fixes FLAC Integer Overflow Vulnerabilities


Title : Mandriva Security Update Fixes FLAC Integer Overflow Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3808
CVE ID : CVE-2007-4619
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-09

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by remote attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
2a758b441105a8ddf2b0b37456ca6a1c 2007.0/i586/flac-1.1.2-7.1mdv2007.0.i586.rpm
178313c2b2470e3a2dc95ba5feb40e7e 2007.0/i586/libflac++5-1.1.2-7.1mdv2007.0.i586.rpm
287f22b3cad551f9b1aa04afcfb0de69 2007.0/i586/libflac++5-devel-1.1.2-7.1mdv2007.0.i586.rpm
65a37dffde2d130095576b4dc86bcdb2 2007.0/i586/libflac7-1.1.2-7.1mdv2007.0.i586.rpm
d62d9e801c158808824bd925a9cfe7be 2007.0/i586/libflac7-devel-1.1.2-7.1mdv2007.0.i586.rpm
0b5b72228e1ffcc74789a66f02f5d294 2007.0/i586/liboggflac++2-1.1.2-7.1mdv2007.0.i586.rpm
47fe7a0c3db92d75f82b5dcd14dc0226 2007.0/i586/liboggflac++2-devel-1.1.2-7.1mdv2007.0.i586.rpm
fc5001aac7fc4a3f29f42b247a556b57 2007.0/i586/liboggflac3-1.1.2-7.1mdv2007.0.i586.rpm
39a62634a615955721048762e030ee5c 2007.0/i586/liboggflac3-devel-1.1.2-7.1mdv2007.0.i586.rpm
dd0c2e16ec064eaf0896eb6e48669a0b 2007.0/SRPMS/flac-1.1.2-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
c0d9bb713fee112219aa41126a1c7378 2007.0/x86_64/flac-1.1.2-7.1mdv2007.0.x86_64.rpm
a54b539b257cd4835ed06ccea9fac8d8 2007.0/x86_64/lib64flac++5-1.1.2-7.1mdv2007.0.x86_64.rpm
4ac5e9e111ca455fac34405a2cb62d8b 2007.0/x86_64/lib64flac++5-devel-1.1.2-7.1mdv2007.0.x86_64.rpm
3f3e29c0a0e2d408f18592db6a00fd1d 2007.0/x86_64/lib64flac7-1.1.2-7.1mdv2007.0.x86_64.rpm
2e041c2c44408c4e1134b91e02082898 2007.0/x86_64/lib64flac7-devel-1.1.2-7.1mdv2007.0.x86_64.rpm
7f6848482fdbe933732961a43e306ba6 2007.0/x86_64/lib64oggflac++2-1.1.2-7.1mdv2007.0.x86_64.rpm
1791616d3a9891e77041e7e0f5d073a8 2007.0/x86_64/lib64oggflac++2-devel-1.1.2-7.1mdv2007.0.x86_64.rpm
60b21afb8ae750b2c30b7d91d74c5172 2007.0/x86_64/lib64oggflac3-1.1.2-7.1mdv2007.0.x86_64.rpm
685a834c0d57e26f2ec3cb4e0c18b068 2007.0/x86_64/lib64oggflac3-devel-1.1.2-7.1mdv2007.0.x86_64.rpm
dd0c2e16ec064eaf0896eb6e48669a0b 2007.0/SRPMS/flac-1.1.2-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
b0c52bdc7e0c2989c4a14949137dd26b 2007.1/i586/flac-1.1.4-1.1mdv2007.1.i586.rpm
f6f18644073d375d255da42206b8750f 2007.1/i586/libflac++6-1.1.4-1.1mdv2007.1.i586.rpm
5e217c24b9f16f4c5eb68d71cad8cc2e 2007.1/i586/libflac++6-devel-1.1.4-1.1mdv2007.1.i586.rpm
eaf51510c9f4408ac9558429be8c6579 2007.1/i586/libflac8-1.1.4-1.1mdv2007.1.i586.rpm
888f40a0b45ce7396fd9eeb8eabcdc43 2007.1/i586/libflac8-devel-1.1.4-1.1mdv2007.1.i586.rpm
8ea35cb7f128b509e3cf2fb085869d17 2007.1/SRPMS/flac-1.1.4-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
c4a8502d10704ed932223a87e7ba132b 2007.1/x86_64/flac-1.1.4-1.1mdv2007.1.x86_64.rpm
f5ade2e6d0a1848aa0fbe35bc643e122 2007.1/x86_64/lib64flac++6-1.1.4-1.1mdv2007.1.x86_64.rpm
1a20620c164f5713cd7afd78a9bc0eec 2007.1/x86_64/lib64flac++6-devel-1.1.4-1.1mdv2007.1.x86_64.rpm
b5feb6a6c3acac1363a5adb32c46d401 2007.1/x86_64/lib64flac8-1.1.4-1.1mdv2007.1.x86_64.rpm
547f58c24bfce6ebeb9b56deb0fff815 2007.1/x86_64/lib64flac8-devel-1.1.4-1.1mdv2007.1.x86_64.rpm
8ea35cb7f128b509e3cf2fb085869d17 2007.1/SRPMS/flac-1.1.4-1.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
9d60c84296f5813cf72727f162170bf4 2008.0/i586/flac-1.2.0-1.1mdv2008.0.i586.rpm
4a525a283585afabd8a3b04f0b4af014 2008.0/i586/libflac++-devel-1.2.0-1.1mdv2008.0.i586.rpm
3afb08a4e6d02d16e743f9116b9a21a9 2008.0/i586/libflac++6-1.2.0-1.1mdv2008.0.i586.rpm
5e5d14d3c2826fcacea9904aa13551b0 2008.0/i586/libflac-devel-1.2.0-1.1mdv2008.0.i586.rpm
6be87c66b0907ee4a84668ebe51eea45 2008.0/i586/libflac8-1.2.0-1.1mdv2008.0.i586.rpm
1725221f4f57e288a5cfca68d95b2955 2008.0/SRPMS/flac-1.2.0-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
a5678faa589567d3acb1f54f11c2e50e 2008.0/x86_64/flac-1.2.0-1.1mdv2008.0.x86_64.rpm
bd62fd6885ed3ad610533f27f608ff07 2008.0/x86_64/lib64flac++-devel-1.2.0-1.1mdv2008.0.x86_64.rpm
50ed7fe956a92a90cc1be40fe9e64c57 2008.0/x86_64/lib64flac++6-1.2.0-1.1mdv2008.0.x86_64.rpm
dc08a101b615324dd7fa418f33b2253c 2008.0/x86_64/lib64flac-devel-1.2.0-1.1mdv2008.0.x86_64.rpm
a17c4c2f3444c62c81b3a3f5822aa791 2008.0/x86_64/lib64flac8-1.2.0-1.1mdv2008.0.x86_64.rpm
1725221f4f57e288a5cfca68d95b2955 2008.0/SRPMS/flac-1.2.0-1.1mdv2008.0.src.rpm

Corporate 3.0:
3f262ab6ff54f853a1abf810af9f1545 corporate/3.0/i586/flac-1.1.0-5.1.C30mdk.i586.rpm
7612ff7138931efbed0cb3ae2004d942 corporate/3.0/i586/flac-xmms-1.1.0-5.1.C30mdk.i586.rpm
cf42c1f565a9e191fc177c7deb394fd6 corporate/3.0/i586/libflac++2-1.1.0-5.1.C30mdk.i586.rpm
693207d9f5aa6a22a799bb6a95508d6d corporate/3.0/i586/libflac++2-devel-1.1.0-5.1.C30mdk.i586.rpm
c58bd87b1ad20bd6420c0dbfcb3b94f8 corporate/3.0/i586/libflac4-1.1.0-5.1.C30mdk.i586.rpm
c61afdf60705f224c7ed491083b96d83 corporate/3.0/i586/libflac4-devel-1.1.0-5.1.C30mdk.i586.rpm
3c4b7f8f6164e1209ef0759347681e39 corporate/3.0/i586/liboggflac++0-1.1.0-5.1.C30mdk.i586.rpm
605d178e86c240b567d0d55e689f2dd3 corporate/3.0/i586/liboggflac++0-devel-1.1.0-5.1.C30mdk.i586.rpm
776db78c58629e3863c02c71e8297e80 corporate/3.0/i586/liboggflac1-1.1.0-5.1.C30mdk.i586.rpm
922dba04b3fa956b70803c8a1397e349 corporate/3.0/i586/liboggflac1-devel-1.1.0-5.1.C30mdk.i586.rpm
f233deb6297c74691663b6c213d71466 corporate/3.0/SRPMS/flac-1.1.0-5.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
af2169ec1f5dd0843381e8b85d335559 corporate/3.0/x86_64/flac-1.1.0-5.1.C30mdk.x86_64.rpm
dbff4ce3a24b6fd4bd9782ca1fe47c8f corporate/3.0/x86_64/flac-xmms-1.1.0-5.1.C30mdk.x86_64.rpm
f27dab4394a3bc9bc1eb33f0e5b5a185 corporate/3.0/x86_64/lib64flac++2-1.1.0-5.1.C30mdk.x86_64.rpm
158304ab169eda1c002e529b5b67102d corporate/3.0/x86_64/lib64flac++2-devel-1.1.0-5.1.C30mdk.x86_64.rpm
21edadac20b068ff1b34b9ccbfe20156 corporate/3.0/x86_64/lib64flac4-1.1.0-5.1.C30mdk.x86_64.rpm
5e20a68c32d63f9580b5dec4dd1b0ee4 corporate/3.0/x86_64/lib64flac4-devel-1.1.0-5.1.C30mdk.x86_64.rpm
a8e613736157b05d330de041c3aca073 corporate/3.0/x86_64/lib64oggflac++0-1.1.0-5.1.C30mdk.x86_64.rpm
6bba7e13b0d02ed843b1e90988fdb409 corporate/3.0/x86_64/lib64oggflac++0-devel-1.1.0-5.1.C30mdk.x86_64.rpm
10621fc47e5fd515f84ebafbe1fb40fb corporate/3.0/x86_64/lib64oggflac1-1.1.0-5.1.C30mdk.x86_64.rpm
4da91de77971fe026c693a9e29cd0bab corporate/3.0/x86_64/lib64oggflac1-devel-1.1.0-5.1.C30mdk.x86_64.rpm
f233deb6297c74691663b6c213d71466 corporate/3.0/SRPMS/flac-1.1.0-5.1.C30mdk.src.rpm

ChangeLog

2007-11-09 : Initial release

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy