=========================================================== Ubuntu Security Notice USN-849-1 October 15, 2009 libsndfile vulnerabilities CVE-2009-1788, CVE-2009-1791 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libsndfile1 1.0.17-4ubuntu0.8.04.2 Ubuntu 8.10: libsndfile1 1.0.17-4ubuntu0.8.10.2 Ubuntu 9.04: libsndfile1 1.0.17-4ubuntu1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a user or automated system processed a crafted VOC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1788) Erik de Castro Lopo discovered a similar heap-based buffer overflow when processing AIFF files. If a user or automated system processed a crafted AIFF file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1791) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.04.2.diff.gz Size/MD5: 10982 155661fd8f753ba4f40339ce22653247 http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.04.2.dsc Size/MD5: 824 6a662dc8fc04a7155fa0d7618a1ad08a http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz Size/MD5: 819456 2d126c35448503f6dbe33934d9581f6b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_amd64.deb Size/MD5: 333080 b04139894513c7f772d43e9faa9d5067 http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_amd64.deb Size/MD5: 191356 fd8af059d7a228a774dfd3faa618c95b http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_amd64.deb Size/MD5: 73174 f67ac788caaf442a70be9873e4fab279 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_i386.deb Size/MD5: 324752 fb5068446e64c7ce2155e2f8876d0883 http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_i386.deb Size/MD5: 198188 52fba9ba7cae8403dd1c89a22f959a46 http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_i386.deb Size/MD5: 73246 e0b79992b197d3f93dc8edde921a221d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_lpia.deb Size/MD5: 324684 439609dc430fd09076b62ea35e4f4464 http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_lpia.deb Size/MD5: 195676 7918d6d6246b28e79bc1b9a092b45f1b http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_lpia.deb Size/MD5: 73358 ddcde3a1cd6b548a67cb96744a47a403 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_powerpc.deb Size/MD5: 358530 e07d0e3e996daa11c87c2e47f7b16740 http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_powerpc.deb Size/MD5: 211398 ef31fbb5159f8027f6aff3d3b631340a http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_powerpc.deb Size/MD5: 81430 79a0fe9fca817a1def72401f8d6fab27 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_sparc.deb Size/MD5: 344850 c863297579ed7c75bcc45c530395def7 http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_sparc.deb Size/MD5: 207728 ef30bf99c77a71e4cc5a3844e0ec57bf http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_sparc.deb Size/MD5: 73910 5a7debb649fc2a2cc2461ea127b6a6de Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.10.2.diff.gz Size/MD5: 10907 575d2f2d12e8db8b2d975ad93af0ae7f http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.10.2.dsc Size/MD5: 1246 1473cdcd71be22f356774c9b3af100ba http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz Size/MD5: 819456 2d126c35448503f6dbe33934d9581f6b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_amd64.deb Size/MD5: 333584 4d05fd58323f63c0e1c90fbcf47e6461 http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_amd64.deb Size/MD5: 191956 39c0e51aad0fdc21621b2fea5407e778 http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_amd64.deb Size/MD5: 73366 d6fc5435dc0e4ddc45bf36bd7dac711b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_i386.deb Size/MD5: 326114 112da713fedd65c179e034ad239fb03d http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_i386.deb Size/MD5: 198058 7caaf04a95079d7356f30e1c6fcb7932 http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_i386.deb Size/MD5: 73030 06201e76a7ffc1c35ccaea4dac5c8973 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_lpia.deb Size/MD5: 326654 4f380598f5fcae42a281782145624e17 http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_lpia.deb Size/MD5: 195562 a2463e000507c083fd5aca8045210fe0 http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_lpia.deb Size/MD5: 73060 b20bd82c1445509d4e6ab3b0636afd0d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_powerpc.deb Size/MD5: 362952 30dda722711cf6930d2f112ac3ef2d3c http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_powerpc.deb Size/MD5: 213986 69ad9ce28a9b8aa7b2a9b9fc2c61a240 http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_powerpc.deb Size/MD5: 79728 7b046cf7c7312783e48034b48bdcaff4 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_sparc.deb Size/MD5: 343486 67a39e6143e1b33b3eecdb9aed2020ec http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_sparc.deb Size/MD5: 207084 77a3b68d322ee5857c6a0dcc57178773 http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_sparc.deb Size/MD5: 74356 a3ecc688b185b368849bf284940a1111 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu1.1.diff.gz Size/MD5: 10906 4d67346d4b234a24f1702db8416b659b http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu1.1.dsc Size/MD5: 1226 66033b4a297da65c1eac8c3d6bc52d4d http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz Size/MD5: 819456 2d126c35448503f6dbe33934d9581f6b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_amd64.deb Size/MD5: 333568 81effb867b06ff55d7f717b992bfa00a http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_amd64.deb Size/MD5: 191992 77e6b0cc7f4ec916aec7719804130db2 http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_amd64.deb Size/MD5: 73370 3ec22a3cdf1591946665c1845d1b23a4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_i386.deb Size/MD5: 326024 f902489ec7c868980fa19aa5bf67036c http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_i386.deb Size/MD5: 198042 f79fab4035ccb7c3a6c6bed87aab0856 http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_i386.deb Size/MD5: 73006 e091f44791a81cb0006de499f9c8c6d8 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_lpia.deb Size/MD5: 326676 fada9260676efa608819f89056ecba4e http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_lpia.deb Size/MD5: 195524 09cab783834300ce75dd766ec66d65b2 http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_lpia.deb Size/MD5: 73054 fb525e51642b7884b0b442e40978613e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_powerpc.deb Size/MD5: 362950 920b7886bc0a847cfb6d3bcd0e7863a7 http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_powerpc.deb Size/MD5: 214130 c6519b329e02e78b556220f49943892a http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_powerpc.deb Size/MD5: 79716 c1f778e7d070917ca90e444417faadf1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_sparc.deb Size/MD5: 343614 ada56da81ff52d2e75d8a4c5da00e125 http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_sparc.deb Size/MD5: 207166 f8486ee41baeb2d611eaf71d94b4aa35 http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_sparc.deb Size/MD5: 74360 e88f167db87963c3121b26bbbbc99150
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/