CentOS: CENTOS-2022-1855 Critical: libsndfile Buffer Overflow Vulnerability

The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI

functionality to the Linux operating system.

This package includes the ALSA runtime libraries to simplify application

programming and provide higher level functionality as well as support for

the older OSS API, providing binary compatibility for most OSS programs.

A flaw in the alsa mixer code was discovered, which disabled stack

execution protection for the libasound.so library distributed with

Fedora Core 3. The effect of this flaw resulted in stack execution

protection, through NX or Exec-Shield, which was disabled for any

application linked to libasound.

Updated version of alsa-lib package sorts out this problem.

- rebuilt

* Mon Jan 10 2005 Martin Stransky 1.0.6-6.FC3

- fixed #144518 - alsa-lib disables stack protection for it's users

131cdd571208adc5a9a7b88ced3bfa55 SRPMS/alsa-lib-1.0.6-7.FC3.src.rpm

cccfefc8b2218dc10b58f4ba5af9a349 x86_64/alsa-lib-1.0.6-7.FC3.x86_64.rpm

6a7bcc6925d31d0b4668db3265def910 x86_64/alsa-lib-devel-1.0.6-7.FC3.x86_64.rpm

f742758ca98220f169c5127b0c4a7caa x86_64/debug/alsa-lib-debuginfo-1.0.6-7.FC3.x86_64.rpm

1cec9e97fc7e5598a577f5d1c9faf8d5 x86_64/alsa-lib-1.0.6-7.FC3.i386.rpm

1cec9e97fc7e5598a577f5d1c9faf8d5 i386/alsa-lib-1.0.6-7.FC3.i386.rpm

e9b8cd1ceed062fc08b7eaa62c686c0e i386/alsa-lib-devel-1.0.6-7.FC3.i386.rpm

be4e68055d0a568efc48a580f2535c6e i386/debug/alsa-lib-debuginfo-1.0.6-7.FC3.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com