MGASA-2013-0017
Date: January 24th, 2013
Affected releases: 2
Description:
Updated snack packages fix security vulnerabilities:
Two vulnerabilities have been discovered in Snack Sound Toolkit. Both
are caused by missing boundary checks in the "GetWavHeader()"
function (generic/jkSoundFile.c) when parsing either format sub-chunks
or unknown sub-chunks. This can be exploited to cause a heap-based buffer
overflow via specially crafted WAV files that specify overly large chunk
sizes (CVE-2012-6303).
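
The boundary checks this class of bug calls for, as an added example that is neither Snack's code nor the upstream patch: a sub-chunk walker that validates each declared size against both the destination buffer and the bytes actually present before copying or skipping. The function name, FMT_CAP, the error codes, the in-memory input and the sample byte strings are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FMT_CAP 40u /* assumed size of the destination for the "fmt " body */
enum { WAV_OK = 0, WAV_BAD_MAGIC = -1, WAV_TRUNCATED = -2, WAV_FMT_TOO_BIG = -3, WAV_NO_FMT = -4 };
/* Constructed inputs (not real files); chunk sizes are little-endian. */
#define HDR "RIFF" "\x28\x00\x00\x00" "WAVE"
static const uint8_t ok_wav[] = HDR "junk" "\x03\x00\x00\x00" "abc" "\x00" "fmt " "\x10\x00\x00\x00"
    "\x01\x00\x02\x00\x44\xac\x00\x00\x10\xb1\x02\x00\x04\x00\x10\x00";
static const uint8_t big_fmt[] = HDR "fmt " "\xff\xff\x00\x00" "\x01\x00";
static const uint8_t big_unknown[] = HDR "junk" "\xff\xff\xff\x7f" "ab";
static uint8_t fmt_out[FMT_CAP];
static size_t fmt_n;

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the sub-chunks in buf[0..len) and copy the "fmt " body into fmt[FMT_CAP]. */
int wav_read_fmt(const uint8_t *buf, size_t len, uint8_t *fmt, size_t *fmt_len) {
    size_t off = 12;
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return WAV_BAD_MAGIC;
    while (len - off >= 8) {
        int is_fmt = memcmp(buf + off, "fmt ", 4) == 0;
        uint32_t size = le32(buf + off + 4);
        off += 8;
        if (is_fmt && size > FMT_CAP)
            return WAV_FMT_TOO_BIG;  /* body would overrun the destination */
        if (size > len - off)
            return WAV_TRUNCATED;    /* declared size exceeds the bytes present */
        if (is_fmt) {
            memcpy(fmt, buf + off, size);
            *fmt_len = size;
            return WAV_OK;
        }
        off += size;                 /* unknown sub-chunk: skip the body ... */
        if ((size & 1) && off < len)
            off++;                   /* ... and its pad byte */
    }
    return WAV_NO_FMT;
}

int main(void) {
    printf("ok=%d ", wav_read_fmt(ok_wav, sizeof ok_wav - 1, fmt_out, &fmt_n));
    printf("big_fmt=%d ", wav_read_fmt(big_fmt, sizeof big_fmt - 1, fmt_out, &fmt_n));
    printf("big_unknown=%d\n", wav_read_fmt(big_unknown, sizeof big_unknown - 1, fmt_out, &fmt_n));
    return 0;
}
```

Both size comparisons are written as `size > limit` against a remaining-bytes value rather than `off + size > len`, so a 32-bit size near the maximum cannot wrap the check.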
Updated Packages:
i586:
python-snack-2.2.10-10.1.mga2.i586.rpm
tcl-snack-2.2.10-10.1.mga2.i586.rpm
x86_64:
python-snack-2.2.10-10.1.mga2.x86_64.rpm
tcl-snack-2.2.10-10.1.mga2.x86_64.rpm
SRPMS:
snack-2.2.10-10.1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303
http://secunia.com/advisories/49889/
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096448.html
https://bugs.mageia.org/show_bug.cgi?id=8689