Skip to navigation

Security Advisory Moderate: libsndfile security update

Advisory: RHSA-2011:1084-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-07-20
Last updated on: 2011-07-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2696

Details

Updated libsndfile packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The libsndfile packages provide a library for reading and writing sound
files.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the libsndfile library processed certain Ensoniq PARIS
Audio Format (PAF) audio files. An attacker could create a
specially-crafted PAF file that, when opened, could cause an application
using libsndfile to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-2696)

Users of libsndfile are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using libsndfile must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
libsndfile-1.0.20-3.el6_1.1.src.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3433420289300b0e09ba86f438704083
SHA-256: 99e44131e4b28e450b580dac291c34a3deaf969d096e5177ac545499ebf4d252
 
IA-32:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
 
x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 75a43565e56866a4c3073d16b64ecbfd
SHA-256: 754e3ce2a6161e89999a230c4b3cd70c4beab0c451541152cd4dd886db03b0cd
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 771c836630281c4f2d8b0268717789ac
SHA-256: c4cfd0ce195d27da230dd4efa448ee95716df90bfe2f43a212d4a2c007114682
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3bdc533c0f185bcdc9ba58511f83f244
SHA-256: 3f679034754bc23d777a8be08f3e4e1fe88c9a52e99639349a2f12e9157ca2f1
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
libsndfile-1.0.20-3.el6_1.1.src.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3433420289300b0e09ba86f438704083
SHA-256: 99e44131e4b28e450b580dac291c34a3deaf969d096e5177ac545499ebf4d252
 
x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 75a43565e56866a4c3073d16b64ecbfd
SHA-256: 754e3ce2a6161e89999a230c4b3cd70c4beab0c451541152cd4dd886db03b0cd
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 771c836630281c4f2d8b0268717789ac
SHA-256: c4cfd0ce195d27da230dd4efa448ee95716df90bfe2f43a212d4a2c007114682
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3bdc533c0f185bcdc9ba58511f83f244
SHA-256: 3f679034754bc23d777a8be08f3e4e1fe88c9a52e99639349a2f12e9157ca2f1
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
libsndfile-1.0.20-3.el6_1.1.src.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3433420289300b0e09ba86f438704083
SHA-256: 99e44131e4b28e450b580dac291c34a3deaf969d096e5177ac545499ebf4d252
 
IA-32:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
 
PPC:
libsndfile-1.0.20-3.el6_1.1.ppc.rpm
File outdated by:  RHBA-2011:1226
    MD5: 6e5eb2498414ebde0f46afae0abfe454
SHA-256: 1087d284988c83fdb62c932debac199feb55d2e14d6b623797cbcd5b63b5cbe4
libsndfile-1.0.20-3.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 79d99f0e6998f7553f5f27f5f90e1072
SHA-256: a867f7ae61fbe36967be18c3e4db39f3a8032c157ceb329b618977fd8c2d4568
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3bcf115d43a23aad7c3c1ad9545bfd3c
SHA-256: 702c1218f43b6260416cc294eba6f62a19915740a379d795974d58d97de5e8f5
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 31a7bd7dd04daf67886226587ed95629
SHA-256: 4f31f1491d3e7e0b4ddd1abdc2c69f91755ff43812b3f5f6da80ae439313a387
libsndfile-devel-1.0.20-3.el6_1.1.ppc.rpm
File outdated by:  RHBA-2011:1226
    MD5: 0213e4e2111fa4934eeef31ccc0ebfb8
SHA-256: 5505dd788bc48a6c27241c12a9a6fe9930a21f7bce9c847e767efbf728687f5a
libsndfile-devel-1.0.20-3.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2011:1226
    MD5: b0288be3b1ddbef44107f676ee1625c0
SHA-256: 93bf301c71e8d4bfffb8cc113d7e56a5f221a86661a0a4d2fd4ae51e05607806
 
s390x:
libsndfile-1.0.20-3.el6_1.1.s390.rpm
File outdated by:  RHBA-2011:1226
    MD5: ee7485e399a53bfbf4ae40531ac4ea6e
SHA-256: 0158c83eb233759394074583978763bc54a2562df0e755588d6ed5fabe5f077b
libsndfile-1.0.20-3.el6_1.1.s390x.rpm
File outdated by:  RHBA-2011:1226
    MD5: 43589cafb48cd10f0d81a06d09586487
SHA-256: 30159a6a7aa9f89e5f66243a46272da7698e86183c76ad34a3260f7c64f18830
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390.rpm
File outdated by:  RHBA-2011:1226
    MD5: 37e8d7650d5bd9a35a0423e576324351
SHA-256: 490a14e72e050d2bbeca2265dd2d09d21c5e8352213d1a355056a47a6b303b9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390x.rpm
File outdated by:  RHBA-2011:1226
    MD5: 7d8248b249536be53a1304393ed6b6cb
SHA-256: cc1671a43f55db88b2138d98488773d038e9f515c5bdc5f04df2e67e925550b9
libsndfile-devel-1.0.20-3.el6_1.1.s390.rpm
File outdated by:  RHBA-2011:1226
    MD5: 4414c58c8de5884d23dc84e59c64a471
SHA-256: 5bf093463e40b7b71977616c28af1fa397147f308356a0c5734b957ed1ceb81a
libsndfile-devel-1.0.20-3.el6_1.1.s390x.rpm
File outdated by:  RHBA-2011:1226
    MD5: 10828f2671e47498cf218730e3d2debd
SHA-256: 8be63f436da5a780bb53cf1d45d4ddd1238a3445d250951a68d03fa072b1bbea
 
x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 75a43565e56866a4c3073d16b64ecbfd
SHA-256: 754e3ce2a6161e89999a230c4b3cd70c4beab0c451541152cd4dd886db03b0cd
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 771c836630281c4f2d8b0268717789ac
SHA-256: c4cfd0ce195d27da230dd4efa448ee95716df90bfe2f43a212d4a2c007114682
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3bdc533c0f185bcdc9ba58511f83f244
SHA-256: 3f679034754bc23d777a8be08f3e4e1fe88c9a52e99639349a2f12e9157ca2f1
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
libsndfile-1.0.20-3.el6_1.1.src.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3433420289300b0e09ba86f438704083
SHA-256: 99e44131e4b28e450b580dac291c34a3deaf969d096e5177ac545499ebf4d252
 
IA-32:
libsndfile-1.0.20-3.el6_1.1.i686.rpm     MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm     MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm     MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
 
PPC:
libsndfile-1.0.20-3.el6_1.1.ppc.rpm     MD5: 6e5eb2498414ebde0f46afae0abfe454
SHA-256: 1087d284988c83fdb62c932debac199feb55d2e14d6b623797cbcd5b63b5cbe4
libsndfile-1.0.20-3.el6_1.1.ppc64.rpm     MD5: 79d99f0e6998f7553f5f27f5f90e1072
SHA-256: a867f7ae61fbe36967be18c3e4db39f3a8032c157ceb329b618977fd8c2d4568
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc.rpm     MD5: 3bcf115d43a23aad7c3c1ad9545bfd3c
SHA-256: 702c1218f43b6260416cc294eba6f62a19915740a379d795974d58d97de5e8f5
libsndfile-debuginfo-1.0.20-3.el6_1.1.ppc64.rpm     MD5: 31a7bd7dd04daf67886226587ed95629
SHA-256: 4f31f1491d3e7e0b4ddd1abdc2c69f91755ff43812b3f5f6da80ae439313a387
libsndfile-devel-1.0.20-3.el6_1.1.ppc.rpm     MD5: 0213e4e2111fa4934eeef31ccc0ebfb8
SHA-256: 5505dd788bc48a6c27241c12a9a6fe9930a21f7bce9c847e767efbf728687f5a
libsndfile-devel-1.0.20-3.el6_1.1.ppc64.rpm     MD5: b0288be3b1ddbef44107f676ee1625c0
SHA-256: 93bf301c71e8d4bfffb8cc113d7e56a5f221a86661a0a4d2fd4ae51e05607806
 
s390x:
libsndfile-1.0.20-3.el6_1.1.s390.rpm     MD5: ee7485e399a53bfbf4ae40531ac4ea6e
SHA-256: 0158c83eb233759394074583978763bc54a2562df0e755588d6ed5fabe5f077b
libsndfile-1.0.20-3.el6_1.1.s390x.rpm     MD5: 43589cafb48cd10f0d81a06d09586487
SHA-256: 30159a6a7aa9f89e5f66243a46272da7698e86183c76ad34a3260f7c64f18830
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390.rpm     MD5: 37e8d7650d5bd9a35a0423e576324351
SHA-256: 490a14e72e050d2bbeca2265dd2d09d21c5e8352213d1a355056a47a6b303b9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.s390x.rpm     MD5: 7d8248b249536be53a1304393ed6b6cb
SHA-256: cc1671a43f55db88b2138d98488773d038e9f515c5bdc5f04df2e67e925550b9
libsndfile-devel-1.0.20-3.el6_1.1.s390.rpm     MD5: 4414c58c8de5884d23dc84e59c64a471
SHA-256: 5bf093463e40b7b71977616c28af1fa397147f308356a0c5734b957ed1ceb81a
libsndfile-devel-1.0.20-3.el6_1.1.s390x.rpm     MD5: 10828f2671e47498cf218730e3d2debd
SHA-256: 8be63f436da5a780bb53cf1d45d4ddd1238a3445d250951a68d03fa072b1bbea
 
x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm     MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm     MD5: 75a43565e56866a4c3073d16b64ecbfd
SHA-256: 754e3ce2a6161e89999a230c4b3cd70c4beab0c451541152cd4dd886db03b0cd
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm     MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm     MD5: 771c836630281c4f2d8b0268717789ac
SHA-256: c4cfd0ce195d27da230dd4efa448ee95716df90bfe2f43a212d4a2c007114682
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm     MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm     MD5: 3bdc533c0f185bcdc9ba58511f83f244
SHA-256: 3f679034754bc23d777a8be08f3e4e1fe88c9a52e99639349a2f12e9157ca2f1
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
libsndfile-1.0.20-3.el6_1.1.src.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3433420289300b0e09ba86f438704083
SHA-256: 99e44131e4b28e450b580dac291c34a3deaf969d096e5177ac545499ebf4d252
 
IA-32:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
 
x86_64:
libsndfile-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 67b05a636f43d12afaf56084a840a456
SHA-256: 7daa771284d2d693124347f6a23b9f9b46c6e10efeb1eb22fec610b902b55c13
libsndfile-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 75a43565e56866a4c3073d16b64ecbfd
SHA-256: 754e3ce2a6161e89999a230c4b3cd70c4beab0c451541152cd4dd886db03b0cd
libsndfile-debuginfo-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 2cbe8f38009de24e02032fb8a1f8e97d
SHA-256: 127c0c86978f25aea1b9d06fe3ae09e03303c637bbbfd54adf1c7e5d6e7bec9c
libsndfile-debuginfo-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 771c836630281c4f2d8b0268717789ac
SHA-256: c4cfd0ce195d27da230dd4efa448ee95716df90bfe2f43a212d4a2c007114682
libsndfile-devel-1.0.20-3.el6_1.1.i686.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3eb6af3d5bf574472d2172634c4a5916
SHA-256: 3265a1c7a222feacdfbf0afd4e86dc42b45495836da58a2ca8dcf2f1f87dc6ca
libsndfile-devel-1.0.20-3.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2011:1226
    MD5: 3bdc533c0f185bcdc9ba58511f83f244
SHA-256: 3f679034754bc23d777a8be08f3e4e1fe88c9a52e99639349a2f12e9157ca2f1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

721234 - CVE-2011-2696 libsndfile: Application crash due integer overflow by processing certain PAF audio files


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/