MDVSA-2008:233-1 -- Mandriva libcdaudio
| ID: oval:org.secpod.oval:def:300467 | Date: (C)2012-01-07 (M)2017-10-12 |
| Class: PATCH | Family: unix |
A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for CVE-2005-0706 were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0. This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products.
|Mandriva Linux 2008.0|