Message-Id: <1238437693.5654.91.camel@mdlinux.technorage.com>
Date: Mon, 30 Mar 2009 14:28:13 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-749-1] libsndfile vulnerability

===========================================================
Ubuntu Security Notice USN-749-1             March 30, 2009
libsndfile vulnerability
CVE-2009-0186
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsndfile1                     1.0.12-3ubuntu1.1

Ubuntu 7.10:
  libsndfile1                     1.0.17-4ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  libsndfile1                     1.0.17-4ubuntu0.8.04.1

Ubuntu 8.10:
  libsndfile1                     1.0.17-4ubuntu0.8.10.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that libsndfile did not correctly handle description
chunks in CAF audio files. If a user or automated system were tricked into
opening a specially crafted CAF audio file, an attacker could execute
arbitrary code with the privileges of the user invoking the program.

