Stay Secure with the Latest Linux Advisories

security advisoryFedoracritical flaw

CentOS: CENTOS-2022-1855 Critical: libsndfile Buffer Overflow Vulnerability

A flaw in the alsa mixer code was discovered, which disabled stack execution protection for the libasound.so library distributed with Fedora Core 3. The effect of this flaw resulted in stack execution protection, through NX or Exec-Shield, which was disabled for any application linked to libasound.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-042 2005-01-20 ---------------------------------------------------------------------Product : Fedora Core 3 Name : alsa-lib Version : 1.0.6 Release : 7.FC3 Summary : The Advanced Linux Sound Architecture (ALSA) library. Description : The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI functionality to the Linux operating system. This package includes the ALSA runtime libraries to simplify application programming and provide higher level functionality as well as support for the older OSS API, providing binary compatibility for most OSS programs. ---------------------------------------------------------------------Update Information: A flaw in the alsa mixer code was discovered, which disabled stack execution protection for the libasound.so library distributed with Fedora Core 3. The effect of this flaw resulted in stack execution protection, through NX or Exec-Shield, which was disabled for any application linked to libasound. Updated version of alsa-lib package sorts out this problem. ---------------------------------------------------------------------* Tue Jan 18 2005 Martin Stransky 1.0.6-7.FC3 - rebuilt * Mon Jan 10 2005 Martin Stransky 1.0.6-6.FC3 - fixed #144518 - alsa-lib disables stack protection for it's users ---------------------------------------------------------------------This update can be downloaded from: 131cdd571208adc5a9a7b88ced3bfa55 SRPMS/alsa-lib-1.0.6-7.FC3.src.rpm cccfefc8b2218dc10b58f4ba5af9a349 x86_64/alsa-lib-1.0.6-7.FC3.x86_64.rpm 6a7bcc6925d31d0b4668db3265def910 x86_64/alsa-lib-devel-1.0.6-7.FC3.x86_64.rpm f742758ca98220f169c5127b0c4a7caa x86_64/debug/alsa-lib-debuginfo-1.0.6-7.FC3.x86_64.rpm 1cec9e97fc7e5598a577f5d1c9faf8d5 x86_64/alsa-lib-1.0.6-7.FC3.i386.rpm 1cec9e97fc7e5598a577f5d1c9faf8d5 i386/alsa-lib-1.0.6-7.FC3.i386.rpm e9b8cd1ceed062fc08b7eaa62c686c0e i386/alsa-lib-devel-1.0.6-7.FC3.i386.rpm be4e68055d0a568efc48a580f2535c6e i386/debug/alsa-lib-debuginfo-1.0.6-7.FC3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An issue in alsa-lib's audio processing led to the deactivation of stack safeguards in Fedora Core 3. This patch corrects the problem and reinstates security measures.. Alsa-Lib Update, Fedora Security Advisory, Stack Protection Fix. . Severity: Critical. LinuxSecurity.com Team

Jan 20, 2005 •Critical Fedora