==========================================================================
Ubuntu Security Notice USN-4079-1
July 30, 2019

sox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

SoX could be made to crash if it received a specially crafted MP3 file.

Software Description:
– sox: Swiss army knife of sound processing

Details:

It was discovered that SoX incorrectly handled certain MP3 files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libsox2 14.4.1-5+deb8u4ubuntu0.1
sox 14.4.1-5+deb8u4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4079-1
CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357

Package Information:
https://launchpad.net/ubuntu/+source/sox/14.4.1-5+deb8u4ubuntu0.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl1Ar78ACgkQkGeI6zGn
N/9pBQ/8CQ0UTf4A77W0BObfxT4kJlTYEr+wcnQVs41qhcObeFhQ3h2eJ66tIIyp
9PQp+a4xqVeqEfhmiYi5L9mvINuIwLNcHrHRYFROiDaGzYOZrTU+Aq5KbsmbYyUP
Vu7vwzubun/hq8n3Rzlbnk1j4CG/T54CTk6RzcsMwmC0TbX/lPkMIGMsTybKvgdL
DJ6QeASR0AmhHy+3xfXLiLJO/Z3M0ZYaJmIUAV0jcQdz4TARO++HcU1gS99BOpFd
myXwe+QLWGNGMFki8yLudNpeeVFQuQdBnRSBtiaJLrQ0tiSu8VB5as60rFGFpbek
Ob1guNsoFoCdUXgX/B+E3fBun2fQSOC+q/dwxa7c1SC2IloE92M6FuwOYkLsZiTY
UArC7kMeh9izLobP21346eImjbIJOWkmrPZ4uGwtyZE6pLJYz+XyiwkxHIc8z176
vCIJIzphuJ0+YztKBnIlSXf24Y1V30WNxPZ7dxHIkbs5CImMEu1X00Qk+yWCGWGg
bwKfl8ciTM5CYnwj8ks03XUddHNLCGlzjfVpwjC3WpZzIo6nDbQbdD2v6YaAGV/x
Op+1dv7uIwhn7uUmoIln3T3UsXe2oCNB9dGbi/JtuJ9PZcSfc8HR+G/cp70HVrgN
aLZ6Zwb6bufnhApfvPozgFYBLTUjbkfQJlVJ3Rfajy13R9Wcrlk=
=JuEn
—–END PGP SIGNATURE—–
—