The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.
ALSA contains a flaw that may allow a malicious user to bypass stack execution protection for the 'libasound.so' library. The issue is triggered when any application is linked to libasound. It is possible that the flaw may allow a local attacker to disable stack execution protection for the linked applications, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Some Unix vendors have released patches for their own distributions.
Red Hat Enterprise Linux WS 4
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux Desktop version 4
Red Hat Enterprise Linux AS 4
ALSA alsa-lib 1.0.6
Red Hat Fedora Core 3
A security weakness is reported to affect the Advanced Linux Sound Architecture (ALSA) 'libasound.so' module; specifically, the issue is reported to be present in the ALSA mixer code. It is reported that the weakness can be leveraged to disable stack-based memory code execution protection on binaries that are linked to the library.
Currently we are not aware of any exploits for this issue.
Red Hat has released advisory RHSA-2005:033-01 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see the referenced advisory for additional information.