Debian: DSA-1972-2: New audiofile packages fix buffer overflow

    Date21 Jan 2010
    CategoryDebian
    45
    Posted ByLinuxSecurity Advisories
    This advisory adds the packages for the old stable distribution (etch), with the exception of the mips packages. The updates for the mips architecture will be released when they become available.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-1972-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Stefan Fritsch
    January 21, 2010                      http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : audiofile
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id         : CVE-2008-5824
    Debian bug     : 510205
    
    This advisory adds the packages for the old stable distribution (etch),
    with the exception of the mips packages. The updates for the mips
    architecture will be released when they become available.
    
    The packages for the stable distribution (lenny) have been released
    in DSA-1972-1. For reference, the advisory text is provided below.
    
    Max Kellermann discovered a heap-based buffer overflow in the handling
    of ADPCM WAV files in libaudiofile. This flaw could result in a denial
    of service (application crash) or possibly execution of arbitrary code
    via a crafted WAV file.
    
    The old stable distribution (etch), this problem has been fixed in
    version 0.2.6-6+etch1.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.2.6-7+lenny1.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 0.2.6-7.1.
    
    We recommend that you upgrade your audiofile packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch (oldstable)
    - -------------------------------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6-6+etch1.diff.gz
        Size/MD5 checksum:   300089 dbc542c9c87880f436083facfb3ccc28
      http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6-6+etch1.dsc
        Size/MD5 checksum:      629 f9f760bd11ccb13c85266ace4f87d25d
      http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6.orig.tar.gz
        Size/MD5 checksum:   374688 9c1049876cd51c0f1b12c2886cce4d42
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_alpha.deb
        Size/MD5 checksum:   158070 1d27f78ba5efee6f348fdec83497f0cf
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_alpha.deb
        Size/MD5 checksum:    89404 0c40bf5eeab7afe6b81c0ca1bc8d4add
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_amd64.deb
        Size/MD5 checksum:   128468 5307500dd56e86e86236a2e8af9258fe
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_amd64.deb
        Size/MD5 checksum:    81598 17ee5acae5158682302d9256688c272e
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_arm.deb
        Size/MD5 checksum:   114782 d6ca165e6c39f2475b23b07ea84258f3
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_arm.deb
        Size/MD5 checksum:    73324 e5a3329799553494e43586faa08c5607
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_hppa.deb
        Size/MD5 checksum:    87046 504612c1d8b826a30d55ae7688b9a37c
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_hppa.deb
        Size/MD5 checksum:   135608 5f6809474bca61b181113fff73393c56
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_i386.deb
        Size/MD5 checksum:   118410 4e3e58094cfa7314a7160d7f936baafb
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_i386.deb
        Size/MD5 checksum:    77204 e572289bc7e52fc49f256ed6d9ccbf80
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_ia64.deb
        Size/MD5 checksum:   112806 dd5f834b0b56d737f2601c63c776d658
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_ia64.deb
        Size/MD5 checksum:   170280 a25c0e6fa1024322810cb29f1204e6ff
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_mipsel.deb
        Size/MD5 checksum:    77280 2c0c057fc9f5848406ec44d26bc369d8
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_mipsel.deb
        Size/MD5 checksum:   136296 cf83ef8e66b2d8400d5e35ad52232a32
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_powerpc.deb
        Size/MD5 checksum:    79662 5e2ff6dbb8a86c1c452ef5343a2d4ac7
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_powerpc.deb
        Size/MD5 checksum:   127768 413cd4a5f93ff94210ccc160643d18ab
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_s390.deb
        Size/MD5 checksum:    82434 933bfc65aff56acea69aa5e416b6a345
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_s390.deb
        Size/MD5 checksum:   125394 c457ac81ef48d6743ff748b211f73283
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-6+etch1_sparc.deb
        Size/MD5 checksum:    73952 1b28318b172a18bb6aae3ddc225cf925
      http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-6+etch1_sparc.deb
        Size/MD5 checksum:   117070 9ea6282659991534beffdafe9dc4b985
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    Advisories

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.