Debian: sox buffer overflow fix

    Date: 13 Oct 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Ulf Harnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 565-1
    http://www.debian.org/security/                             Martin Schulze
    October 13th, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : sox
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0557
    Debian Bug     : 262083
    
    Ulf Harnhammar has reported two vulnerabilities in SoX, a universal
    sound sample translator, which may be exploited by malicious people to
    compromise a user's system with a specially crafted .wav file.
    
    For the stable distribution (woody) these problems have been fixed in
    version 12.17.3-4woody2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 12.17.4-9.
    
    We recommend that you upgrade your sox package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    
    