=========================================================== 
Ubuntu Security Notice USN-525-1           October 04, 2007
libsndfile vulnerability
CVE-2007-4974
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsndfile1                     1.0.12-3ubuntu1

Ubuntu 6.10:
  libsndfile1                     1.0.16-1ubuntu0.6.10.1

Ubuntu 7.04:
  libsndfile1                     1.0.16-1ubuntu0.7.04.1

After a standard system upgrade you need to restart your session to affect
the necessary changes.

Details follow:

Robert Buchholz discovered that libsndfile did not correctly validate the
size of its memory buffers.  If a user were tricked into playing a specially
crafted FLAC file, a remote attacker could execute arbitrary code with user
privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:     5335 a232e010747ae75f87432f426aaac11f
          Size/MD5:      639 921596b90ab0e2afb1836c7e3c292f73
          Size/MD5:   798471 03718b7b225b298f41c19620b8906108

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   308020 d1274d3dbeae2e96f3a64b4395051bb6
          Size/MD5:   179202 42f4102ac6cef2c1d4905383f646c2bf
          Size/MD5:    63764 9b35c766d93f8e00590faa6b7d5351e8

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   300158 e801ce100a759b4481bd9b81501d4321
          Size/MD5:   182324 3ff53ef6c00e306f05e367d316fc303a
          Size/MD5:    63674 ea1f9f762ffbd80df2337fb9dc08e5d1

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   331752 99e5090a989a123445f2d6f194c36a25
          Size/MD5:   195800 316b04008ac17a3e13be591cf102a659
          Size/MD5:    69338 72f0b032595ce60b82b9f8924cfd9cc5

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   323540 9d082dcc95f2c43378314df01d301f1f
          Size/MD5:   197678 028e918bd6fb91e953090709974dee3a
          Size/MD5:    64136 e1b0c464a3176e39a03c9645d6c4a6b9

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:     5525 4a42e83ea97c510607085d6d393addf8
          Size/MD5:      667 9f622edbc2aad7470161a288dcaf8ffa
          Size/MD5:   857117 773b6639672d39b6342030c7fd1e9719

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   321862 bcf08d7a023e522640f547f8b4519951
          Size/MD5:   188260 eacc338dbf6c34d9cd4fac61b946c4bd
          Size/MD5:    70778 2d616afb614861f00a6fafcc2eab2fb3

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   314374 91362ac43fb0937b564d1b5fa3242050
          Size/MD5:   196146 33714e82c14ce17e628a0f2a50b7c0bc
          Size/MD5:    70834 fa2eb1049320c90728ada95e5277803b

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   347156 3301ea8ab145c62df52723d5da21d4aa
          Size/MD5:   208348 d274b82183319d13474a12a367bd3bfd
          Size/MD5:    76186 a4ef0848989d954b40c06f0acd17c59c

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   335470 1ba9545348975046ebd333d8f33dcbe2
          Size/MD5:   208484 867aaf6cf98f6be0cfdf4b4d17ab5f01
          Size/MD5:    70904 55425663359b4aa24fcd913b2573f2e2

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:     5658 06937165d9e19c82085e1ade9847b243
          Size/MD5:      751 5f87e71d5f7101fb7e399dc43c3d60cf
          Size/MD5:   857117 773b6639672d39b6342030c7fd1e9719

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   322110 c271f688da6781c0fd298262f9f7f915
          Size/MD5:   188558 e92db334b4d9c1fd72b2fe00e54612e6
          Size/MD5:    71060 2b363b833ea55410ee2732a413137b5f

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   314416 41c5020153269c90802136f7129e7bdd
          Size/MD5:   196452 724a2058aaa745a01ecd11b970d84a45
          Size/MD5:    71008 49f10761a1cccaf4ce08508ff22601f4

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   347362 3be7ff70688b3da0b99fa779f1321a19
          Size/MD5:   210224 3bcc466c8cb926a5595846581b0d6f49
          Size/MD5:    79066 51fbd324f3e3fa3281677408414c6251

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   335432 00f8abc6db36fcf84b74d85f5163fbd5
          Size/MD5:   208866 b24b1a613ae28805071e6ab3d1912732
          Size/MD5:    71638 85be6e0c7d7e141982053f5d680a76c8

Ubuntu: libsndfile vulnerability

October 4, 2007
Robert Buchholz discovered that libsndfile did not correctly validate the size of its memory buffers

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-525-1 October 04, 2007

Package Information

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved