20841 2009-07-21 15:51:24 +0400 Common Data Format CDF File Processing Vulnerabilities 2009-07-22 00:42:32 +0400 1 1 4 Development Sisyphus libcdf unstable all Linux NEW http://www.infigo.hr/en/in_focus/advisories/INFIGO-2009-07-09 security P3 blocker --- 1 crux lav lav qa-sisyphus oldest_to_newest 95006 0 crux 2009-07-21 15:51:24 +0400 Various memory corruption vulnerabilities have been identified during a security audit of the CDF library. The vulnerabilities exist in the code processing CDF files. The vendor has addressed vulnerabilities on 20.7.2009. with CDF library version 3.3. New CDF library 3.3 has 'cdfvalidate' module that will validate CDF files for potential malformed values. Vulnerability discovered by Leon Juranic <leon.juranic@infigo.hr> Other links: http://cdf.gsfc.nasa.gov/html/CDF_v330.html http://secunia.com/advisories/35940 95042 1 lav 2009-07-22 00:42:32 +0400 Версия 3.3 стала собирать только libcdf.so вместо прежнего soname, пока не решил, что делать.