Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Ubuntu 16.04 LTS: USN-4704-1 Moderate: Libsndfile Denial Of Service

ubuntu
Calendar Grey January 26, 2021
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4705-1 involves vulnerabilities identified in libpng, leading to possible security breaches or remote code execution risks.
Several security issues were fixed in libsndfile.

Summary

Several security issues were fixed in libsndfile.

Software Description:

- libsndfile: Library for reading/writing audio files

Details:

It was discovered that libsndfile incorrectly handled certain malformed

files. A remote attacker could use this issue to cause libsndfile to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2017-12562)

It was discovered that libsndfile incorrectly handled certain malformed

files. A remote attacker could use this issue to cause libsndfile to

crash, resulting in a denial of service, or possibly execute arbitrary

code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245,

CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892,

CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662,

CVE-2018-19758, CVE-2019-3832)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libsndfile1                     1.0.25-10ubuntu0.16.04.3
  sndfile-programs                1.0.25-10ubuntu0.16.04.3

Ubuntu 14.04 ESM:
  libsndfile1                     1.0.25-7ubuntu2.2+esm1
  sndfile-programs                1.0.25-7ubuntu2.2+esm1

After a standard system update you need to restart your session to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-4704-1

CVE-2017-12562, CVE-2017-14245, CVE-2017-14246, CVE-2017-14634,

CVE-2017-16942, CVE-2017-6892, CVE-2018-13139, CVE-2018-19432,

CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, CVE-2019-3832

Severity
important
Lowest
Low
Medium
High
Critical

January 26, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.