Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 19.04 and 18.04 LTS: Addressing DoS Vulnerability in SoX USN-4079-2

ubuntu
Calendar Grey August 1, 2019
Dist Ubuntu Esm H88
SoX security flaws in Ubuntu may lead to Denial of Service attacks due to maliciously designed files. Ensure you update your system immediately.
SoX could be made to crash if it received a specially crafted MP3 file.

Summary

SoX could be made to crash if it received a specially crafted MP3 file.

Software Description:

- sox: Swiss army knife of sound processing

Details:

USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding

update for Ubuntu 18.04 LTS and Ubuntu 19.04.

Original advisory details:

It was discovered that SoX incorrectly handled certain MP3 files. An attacker

could possibly use this issue to cause a denial of service. (CVE-2019-8354,

CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libsox3                         14.4.2-3ubuntu0.19.04.1
  sox                             14.4.2-3ubuntu0.19.04.1

Ubuntu 18.04 LTS:
  libsox3                         14.4.2-3ubuntu0.18.04.1
  sox                             14.4.2-3ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4079-2

https://ubuntu.com/security/notices/USN-4079-1

CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357

Severity
important
Lowest
Low
Medium
High
Critical

August 01, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.