==========================================================================
Ubuntu Security Notice USN-4641-1
November 23, 2020

libextractor vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libextractor.

Software Description:
– libextractor: library used to extract metadata from files

Details:

It was discovered that Libextractor incorrectly handled zero sample rate.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15266)

It was discovered that Libextractor incorrectly handled certain FLAC
metadata. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15267)

It was discovered that Libextractor incorrectly handled certain specially
crafted files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430)

It was discovered that Libextractor incorrectly handled certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15601)

It was discovered that Libextractor incorrectly handled integers. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-15602)

It was discovered that Libextractore incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-15922)

It was discovered tha Libextractor incorrectly handled certain files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2017-17440)

It was discovered that Libextractor incorrectly handled certain malformed
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2018-14346)

It was discovered that Libextractor incorrectly handled malformed files. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14347)

It was discovered that Libextractor incorrectly handled metadata. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2018-20431)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
extract 1:1.3-4+deb9u3build0.16.04.1
libextractor-dev 1:1.3-4+deb9u3build0.16.04.1
libextractor3 1:1.3-4+deb9u3build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4641-1
CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
CVE-2017-15602, CVE-2017-15922, CVE-2017-17440, CVE-2018-14346,
CVE-2018-14347, CVE-2018-16430, CVE-2018-20430, CVE-2018-20431

Package Information:
https://launchpad.net/ubuntu/+source/libextractor/1:1.3-4+deb9u3build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl+7+kIACgkQdyg1Qz0o
XX1NEw//b0KHm/HlUDXJtpXHUJPlgOn4Dnu1LGOB6+jUO6MH9jiWVwu2BpfL1aKX
KLheSMcRd88rePGgWXu//AG4fRyeSW/gc/JDq1H80rB/FlfjyZd3omwckppQQXhY
zk0SuQyqaC5VH+2sab7JHIgGcsc3h4SWiDcC1UzNUmWLw6DgAXPWJRHZQ8dhFsAB
cVuxwHWT7RJ9BYcJFCrcJ5SJDCQ5E2anImE45j/bsRzGkK2esE+BlA+lqbNj9xWV
cAd5G1h4t7ug2Fi7TzZFW/uuRptNH3FY/XMF77f210nNBFjqpRzqh8UdfUc4EifW
CQ6Gjs2LC1CmhaaDoHxge/dTkplxLGxeDC+HJxVlArIprX///ZzjQuOQQhnyMhR7
rNxd3+9BBAygLSOIv+uW8OER+21pjriHCCD0+V2DeB9EtC1+y+wWMoa3ibKGKd3F
NoX47GmYAcb9Ub8B1c2kj0yzdOavHvpoHmm9aE6TyIzCkAErS1PtBiwmjQO32k/d
Ue4R9rpK8F5CzFl7X4QsGD/34HsojzR0q3+7mdjMQBUXmRKuXXuEy8f6KxUzju1j
ccNsx6g4b5vYdZM9JxEziUITyyVuCv0jl64B8/TtLeBmqwTT5MOzg7ivaXcr/oK7
L1KflO4nN6+oYRYgbZ7kejBj/XtGhAZfNKSqMS26yTUcbrv56Hg=
=V7YF
—–END PGP SIGNATURE—–
—