Debian: DSA-1972-2: New audiofile packages fix buffer overflow
Summary
The packages for the stable distribution (lenny) have been released
in DSA-1972-1. For reference, the advisory text is provided below.
Max Kellermann discovered a heap-based buffer overflow in the handling
of ADPCM WAV files in libaudiofile. This flaw could result in a denial
of service (application crash) or possibly execution of arbitrary code
via a crafted WAV file.
The old stable distribution (etch), this problem has been fixed in
version 0.2.6-6+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 0.2.6-7+lenny1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 0.2.6-7.1.
We recommend that you upgrade your audiofile packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 300089 dbc542c9c87880f436083facfb3ccc28
Size/MD5 checksum: 629 f9f760bd11ccb13c85266ace4f87d25d
Size/MD5 checksum: 374688 9c1049876cd51c0f1b12c2886cce4d42
alpha architecture (DEC Alpha)
Size/MD5 checksum: 158070 1d27f78ba5efee6f348fdec83497f0cf
Size/MD5 checksum: 89404 0c40bf5eeab7afe6b81c0ca1bc8d4add
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 128468 5307500dd56e86e86236a2e8af9258fe
Size/MD5 checksum: 81598 17ee5acae5158682302d9256688c272e
arm architecture (ARM)
Size/MD5 checksum: 114782 d6ca165e6c39f2475b23b07ea84258f3
Size/MD5 checksum: 73324 e5a3329799553494e43586faa08c5607
hppa architecture (HP PA RISC)
Size/MD5 checksum: 87046 504612c1d8b826a30d55ae7688b9a37c
Size/MD5 checksum: 135608 5f6809474bca61b181113fff73393c56
i386 architecture (Intel ia32)
Size/MD5 checksum: 118410 4e3e58094cfa7314a7160d7f936baafb
Size/MD5 checksum: 77204 e572289bc7e52fc49f256ed6d9ccbf80
ia64 architecture (Intel ia64)
Size/MD5 checksum: 112806 dd5f834b0b56d737f2601c63c776d658
Size/MD5 checksum: 170280 a25c0e6fa1024322810cb29f1204e6ff
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 77280 2c0c057fc9f5848406ec44d26bc369d8
Size/MD5 checksum: 136296 cf83ef8e66b2d8400d5e35ad52232a32
powerpc architecture (PowerPC)
Size/MD5 checksum: 79662 5e2ff6dbb8a86c1c452ef5343a2d4ac7
Size/MD5 checksum: 127768 413cd4a5f93ff94210ccc160643d18ab
s390 architecture (IBM S/390)
Size/MD5 checksum: 82434 933bfc65aff56acea69aa5e416b6a345
Size/MD5 checksum: 125394 c457ac81ef48d6743ff748b211f73283
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 73952 1b28318b172a18bb6aae3ddc225cf925
Size/MD5 checksum: 117070 9ea6282659991534beffdafe9dc4b985
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show