[LAD] Just released libsndfile-1.0.25

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: <linux-audio-dev@...>
Date: Wednesday, July 13, 2011 - 12:06 pm

Hi all,

I've just released version 1.0.25. Main thing is a fix for Secunia
Advisory SA45125, a heap overflow in the PAF file parser. Since the
heap was getting overwritten with zeroes, there is little that an
attacker can acheive other than causing a program that uses
libsndfile to segfault.

Secunia suggest remote system access is possible:

http://www.securelist.com/en/advisories/45125

but I call bullshit.

Secunia also join my shit list for going public with this a week
early that they originally stated, meaning I had to rush this
release out. The rush of the release means the windows builds
have not been tested as thoroughly as I would have liked.

As usual, its available from:

http://www.mega-nerd.com/libsndfile/#Download

Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-dev

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

This is the only confirmed message in this thread.