Message-ID: <20091015223019.GA3564@severus.strandboge.com>
Date: Thu, 15 Oct 2009 17:30:19 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-849-1] libsndfile vulnerabilities

===========================================================
Ubuntu Security Notice USN-849-1           October 15, 2009
libsndfile vulnerabilities
CVE-2009-1788, CVE-2009-1791
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libsndfile1                     1.0.17-4ubuntu0.8.04.2

Ubuntu 8.10:
  libsndfile1                     1.0.17-4ubuntu0.8.10.2

Ubuntu 9.04:
  libsndfile1                     1.0.17-4ubuntu1.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a
user or automated system processed a crafted VOC file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1788)

Erik de Castro Lopo discovered a similar heap-based buffer overflow when
processing AIFF files. If a user or automated system processed a crafted
AIFF file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1791)


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:


Updated packages for Ubuntu 9.04:



