Ubuntu 912-1: Audio File Library vulnerability

    Date: 16 Mar 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-912-1             March 16, 2010
    audiofile vulnerability
    CVE-2008-5824
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      libaudiofile0                   0.2.6-6ubuntu1.1
    
    Ubuntu 8.04 LTS:
      libaudiofile0                   0.2.6-7ubuntu1.8.04.1
    
    Ubuntu 8.10:
      libaudiofile0                   0.2.6-7ubuntu1.8.10.1
    
    Ubuntu 9.04:
      libaudiofile0                   0.2.6-7ubuntu1.9.04.1
    
    Ubuntu 9.10:
      libaudiofile0                   0.2.6-7ubuntu2.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that Audio File Library contained a heap-based buffer
    overflow. If a user or automated system processed a crafted WAV file, an
    attacker could cause a denial of service via application crash, or possibly
    execute arbitrary code with the privileges of the user invoking the
    program. The default compiler options for Ubuntu should reduce this
    vulnerability to a denial of service.
    
    