Ubuntu 849-1: libsndfile vulnerabilities

    Date15 Oct 2009
    CategoryUbuntu
    95
    Posted ByLinuxSecurity Advisories
    Tobias Klein discovered a heap-based buffer overflow in libsndfile. If auser or automated system processed a crafted VOC file, an attacker couldcause a denial of service via application crash, or possibly executearbitrary code with the privileges of the user invoking the program.(CVE-2009-1788) [More...]
    ===========================================================
    Ubuntu Security Notice USN-849-1           October 15, 2009
    libsndfile vulnerabilities
    CVE-2009-1788, CVE-2009-1791
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      libsndfile1                     1.0.17-4ubuntu0.8.04.2
    
    Ubuntu 8.10:
      libsndfile1                     1.0.17-4ubuntu0.8.10.2
    
    Ubuntu 9.04:
      libsndfile1                     1.0.17-4ubuntu1.1
    
    After a standard system upgrade you need to restart your session to effect
    the necessary changes.
    
    Details follow:
    
    Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a
    user or automated system processed a crafted VOC file, an attacker could
    cause a denial of service via application crash, or possibly execute
    arbitrary code with the privileges of the user invoking the program.
    (CVE-2009-1788)
    
    Erik de Castro Lopo discovered a similar heap-based buffer overflow when
    processing AIFF files. If a user or automated system processed a crafted
    AIFF file, an attacker could cause a denial of service via application
    crash, or possibly execute arbitrary code with the privileges of the user
    invoking the program. (CVE-2009-1791)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.04.2.diff.gz
          Size/MD5:    10982 155661fd8f753ba4f40339ce22653247
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.04.2.dsc
          Size/MD5:      824 6a662dc8fc04a7155fa0d7618a1ad08a
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
          Size/MD5:   819456 2d126c35448503f6dbe33934d9581f6b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_amd64.deb
          Size/MD5:   333080 b04139894513c7f772d43e9faa9d5067
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_amd64.deb
          Size/MD5:   191356 fd8af059d7a228a774dfd3faa618c95b
        http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_amd64.deb
          Size/MD5:    73174 f67ac788caaf442a70be9873e4fab279
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_i386.deb
          Size/MD5:   324752 fb5068446e64c7ce2155e2f8876d0883
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_i386.deb
          Size/MD5:   198188 52fba9ba7cae8403dd1c89a22f959a46
        http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_i386.deb
          Size/MD5:    73246 e0b79992b197d3f93dc8edde921a221d
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_lpia.deb
          Size/MD5:   324684 439609dc430fd09076b62ea35e4f4464
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_lpia.deb
          Size/MD5:   195676 7918d6d6246b28e79bc1b9a092b45f1b
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_lpia.deb
          Size/MD5:    73358 ddcde3a1cd6b548a67cb96744a47a403
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_powerpc.deb
          Size/MD5:   358530 e07d0e3e996daa11c87c2e47f7b16740
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_powerpc.deb
          Size/MD5:   211398 ef31fbb5159f8027f6aff3d3b631340a
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_powerpc.deb
          Size/MD5:    81430 79a0fe9fca817a1def72401f8d6fab27
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_sparc.deb
          Size/MD5:   344850 c863297579ed7c75bcc45c530395def7
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_sparc.deb
          Size/MD5:   207728 ef30bf99c77a71e4cc5a3844e0ec57bf
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_sparc.deb
          Size/MD5:    73910 5a7debb649fc2a2cc2461ea127b6a6de
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.10.2.diff.gz
          Size/MD5:    10907 575d2f2d12e8db8b2d975ad93af0ae7f
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.10.2.dsc
          Size/MD5:     1246 1473cdcd71be22f356774c9b3af100ba
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
          Size/MD5:   819456 2d126c35448503f6dbe33934d9581f6b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_amd64.deb
          Size/MD5:   333584 4d05fd58323f63c0e1c90fbcf47e6461
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_amd64.deb
          Size/MD5:   191956 39c0e51aad0fdc21621b2fea5407e778
        http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_amd64.deb
          Size/MD5:    73366 d6fc5435dc0e4ddc45bf36bd7dac711b
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_i386.deb
          Size/MD5:   326114 112da713fedd65c179e034ad239fb03d
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_i386.deb
          Size/MD5:   198058 7caaf04a95079d7356f30e1c6fcb7932
        http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_i386.deb
          Size/MD5:    73030 06201e76a7ffc1c35ccaea4dac5c8973
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_lpia.deb
          Size/MD5:   326654 4f380598f5fcae42a281782145624e17
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_lpia.deb
          Size/MD5:   195562 a2463e000507c083fd5aca8045210fe0
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_lpia.deb
          Size/MD5:    73060 b20bd82c1445509d4e6ab3b0636afd0d
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_powerpc.deb
          Size/MD5:   362952 30dda722711cf6930d2f112ac3ef2d3c
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_powerpc.deb
          Size/MD5:   213986 69ad9ce28a9b8aa7b2a9b9fc2c61a240
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_powerpc.deb
          Size/MD5:    79728 7b046cf7c7312783e48034b48bdcaff4
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_sparc.deb
          Size/MD5:   343486 67a39e6143e1b33b3eecdb9aed2020ec
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_sparc.deb
          Size/MD5:   207084 77a3b68d322ee5857c6a0dcc57178773
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_sparc.deb
          Size/MD5:    74356 a3ecc688b185b368849bf284940a1111
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu1.1.diff.gz
          Size/MD5:    10906 4d67346d4b234a24f1702db8416b659b
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu1.1.dsc
          Size/MD5:     1226 66033b4a297da65c1eac8c3d6bc52d4d
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
          Size/MD5:   819456 2d126c35448503f6dbe33934d9581f6b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_amd64.deb
          Size/MD5:   333568 81effb867b06ff55d7f717b992bfa00a
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_amd64.deb
          Size/MD5:   191992 77e6b0cc7f4ec916aec7719804130db2
        http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_amd64.deb
          Size/MD5:    73370 3ec22a3cdf1591946665c1845d1b23a4
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_i386.deb
          Size/MD5:   326024 f902489ec7c868980fa19aa5bf67036c
        http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_i386.deb
          Size/MD5:   198042 f79fab4035ccb7c3a6c6bed87aab0856
        http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_i386.deb
          Size/MD5:    73006 e091f44791a81cb0006de499f9c8c6d8
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_lpia.deb
          Size/MD5:   326676 fada9260676efa608819f89056ecba4e
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_lpia.deb
          Size/MD5:   195524 09cab783834300ce75dd766ec66d65b2
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_lpia.deb
          Size/MD5:    73054 fb525e51642b7884b0b442e40978613e
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_powerpc.deb
          Size/MD5:   362950 920b7886bc0a847cfb6d3bcd0e7863a7
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_powerpc.deb
          Size/MD5:   214130 c6519b329e02e78b556220f49943892a
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_powerpc.deb
          Size/MD5:    79716 c1f778e7d070917ca90e444417faadf1
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_sparc.deb
          Size/MD5:   343614 ada56da81ff52d2e75d8a4c5da00e125
        http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_sparc.deb
          Size/MD5:   207166 f8486ee41baeb2d611eaf71d94b4aa35
        http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_sparc.deb
          Size/MD5:    74360 e88f167db87963c3121b26bbbbc99150
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.