Explore top 10 tips to secure your open-source projects now. Read More
×
An issues has been found in taglib, an audio meta-data library. The issue is related to a segmentation violation and a resulting application crash due to processing a crafted WAV file in which an id3 chunk is the only valid chunk. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4450-1
Several security issues were fixed in libsndfile.. ========================================================================== Ubuntu Security Notice USN-7273-1 February 18, 2025 libsndfile vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in libsndfile. Software Description: - libsndfile: Library for reading/writing audio files Details: It was discovered that libsndfile incorrectly handled memory when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-4156) It was discovered that libsndfile incorrectly handled certain malformed OggVorbis files. An attacker could possibly use this issue to cause libsndfile to crash, resulting in a denial of service. (CVE-2024-50612) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libsndfile1 1.0.31-2ubuntu0.2 sndfile-programs 1.0.31-2ubuntu0.2 Ubuntu 20.04 LTS libsndfile1 1.0.28-7ubuntu0.3 sndfile-programs 1.0.28-7ubuntu0.3 Ubuntu 18.04 LTS libsndfile1 1.0.28-4ubuntu0.18.04.2+esm2 Available with Ubuntu Pro sndfile-programs 1.0.28-4ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS libsndfile1 1.0.25-7ubuntu2.2+esm4 Available with Ubuntu Pro sndfile-programs 1.0.25-7ubuntu2.2+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7273-1 CVE-2021-4156, CVE-2024-50612 Package Information: https://launchpad.net/ubuntu/+source/libsndfile/1.0.31-2ubuntu0.2 https://launchpad.net/ubuntu/+source/libsndfile/1.0.28-7ubuntu0.3 . Multiple security vulnerabilities in libsndfile have been resolved in the Ubuntu operating system. Detailed guidelines for updating and specific releases that are impacted have been provided.. libsndfile updates, Ubuntu security notice, Linux audio library. . Severity: Critical. LinuxSecurity.com Team
Patch for CVE-2022-24599. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-47d4f575a3 2023-11-22 01:22:25.847530 -------------------------------------------------------------------------------- Name : audiofile Product : Fedora 39 Version : 0.3.6 Release : 36.fc39 URL : https://audiofile.68k.org/ Summary : Library for accessing various audio file formats Description : The Audio File library is an implementation of the Audio File Library from SGI, which provides an API for accessing audio file formats like AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. This library is used by the EsounD daemon. Install audiofile if you are installing EsounD or you need an API for any of the sound file formats it can handle. -------------------------------------------------------------------------------- Update Information: Patch for CVE-2022-24599 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 13 2023 Gwyn Ciesla - 1:0.3.6-36 Patch for CVE-2022-24599 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2058373 - CVE-2022-24599 audiofile: memory leak in printinfo.c [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2058373 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-47d4f575a3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
https://lib.openmpt.org/libopenmpt/2021/12/23/security-update-0.5.15-releases-0.4.27-0.3.36/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-a5f824f99a 2021-12-25 01:04:03.133674 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 35 Version : 0.5.15 Release : 1.fc35 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: https://lib.openmpt.org/libopenmpt/2021/12/23/security-update-0.5.15-releases-0.4.27-0.3.36/ --------------------------------------------------------------------------------ChangeLog: * Thu Dec 23 2021 Michael Schwendt - 0.5.15-1 - update to 0.5.15 (security release) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a5f824f99a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
https://lib.openmpt.org/libopenmpt/2021/12/05/security-updates-0.5.14-0.4.26-0.3.35/ ---- https://lib.openmpt.org/libopenmpt/2021/11/14/releases-0.5.13-0.4.25-0.3.34/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-a1be246e88 2021-12-15 01:32:56.667084 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 34 Version : 0.5.14 Release : 1.fc34 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: https://lib.openmpt.org/libopenmpt/2021/12/05/security-updates-0.5.14-0.4.26-0.3.35/ ----https://lib.openmpt.org/libopenmpt/2021/11/14/releases-0.5.13-0.4.25-0.3.34/ --------------------------------------------------------------------------------ChangeLog: * Mon Dec 6 2021 Michael Schwendt - 0.5.14-1 - update to 0.5.14 (security release) * Mon Nov 29 2021 Michael Schwendt - 0.5.13-1 - update to 0.5.13 --------------------------------------------------------------------------------References: [ 1 ] Bug #2028684 - libopenmpt-0.5.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2028684 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a1be246e88' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
An issue has been found in libsamplerate, an audio sample rate conversion library. Using a crafted audio file a buffer over-read might happen in calc_output_single() in src_sinc.c. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2845-1
Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-9d4ea81052 2021-05-06 01:00:14.653740 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 34 Version : 0.5.8 Release : 1.fc34 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: Update to latest bug-fix release including security fixes: https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/ --------------------------------------------------------------------------------ChangeLog: * Fri Apr 30 2021 Michael Schwendt - 0.5.8-1 - update to 0.5.8 (security release for the 0.5 series) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-9d4ea81052' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Some more bug-fixes for the stable 0.4.x branch. -- https://lib.openmpt.org/libopenmpt/2021/03/20/security-update-0.5.7-releases-0.4.19-0.3.28/. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-38bacf2af2 2021-04-10 23:05:43.632037 --------------------------------------------------------------------------------Name : libopenmpt Product : Fedora 33 Version : 0.4.19 Release : 1.fc33 URL : https://lib.openmpt.org/libopenmpt/ Summary : C/C++ library to decode tracker music module (MOD) files Description : libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. --------------------------------------------------------------------------------Update Information: Some more bug-fixes for the stable 0.4.x branch. --https://lib.openmpt.org/libopenmpt/2021/03/20/security-update-0.5.7-releases-0.4.19-0.3.28/ --------------------------------------------------------------------------------ChangeLog: * Fri Apr 2 2021 Michael Schwendt - 0.4.19-1 - update to 0.4.19 (security release for the 0.4 series) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-38bacf2af2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.