Mandriva Linux Security Advisory : libsndfile (MDVSA-2015:024)
Critical Nessus Plugin ID 80561
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated libsndfile packages fix security vulnerabilities :
libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user-supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service (CVE-2014-9496).
libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.
SolutionUpdate the affected packages.