==========================================================================
Ubuntu Security Notice USN-2832-1
December 07, 2015
libsndfile vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.10
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
libsndfile could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
– libsndfile: Library for reading/writing audio files
Details:
It was discovered that libsndfile incorrectly handled memory when parsing
malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9496)
Joshua Rogers discovered that libsndfile incorrectly handled division when
parsing malformed files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service. (CVE-2014-9756)
Marco Romano discovered that libsndfile incorrectly handled certain
malformed AIFF files. A remote attacker could use this issue to cause
libsndfile to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-7805)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
libsndfile1 1.0.25-9.1ubuntu0.15.10.1
Ubuntu 15.04:
libsndfile1 1.0.25-9.1ubuntu0.15.04.1
Ubuntu 14.04 LTS:
libsndfile1 1.0.25-7ubuntu2.1
Ubuntu 12.04 LTS:
libsndfile1 1.0.25-4ubuntu0.1
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2832-1
CVE-2014-9496, CVE-2014-9756, CVE-2015-7805
Package Information:
https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-9.1ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-9.1ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-7ubuntu2.1
https://launchpad.net/ubuntu/+source/libsndfile/1.0.25-4ubuntu0.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJWZc7+AAoJEGVp2FWnRL6TgCcP/33GZv+GZbEeiteQLH5ebN+i
gbSEyJVPphEBiLVCDe4FRYqMn67kh0jKvbabzcHhjkCE+YB6TjphJ8uvyMUIa1CU
r+sZApG0jefrCWoUGW33aNwLsv4WViUrsSwf3/wwa+L/HTDXazKGwNWqtxy1keno
qTKtAl1kTtJweJ6Th9+vrOHLwxfNmBHymrB/7URFyGcxa6cKzRcyqofKHhyMuJGm
oZ3t2uyKe2cYXkqtXlaHO0iA7B5q/xMMXy96EEfZKK+ZvfMEIIfXB5O5S3w9LM4u
L0jJTmyNI/Icchh80HtIx9GOJHdgqnuOO9kzL2DMHQCkJ4/gNRG4m64SD0yfLT2x
5fN95bBE77NznVUfRNJGeBe3hJDEhTOcQm2IXrl3d8mrifOQrXdiQWlN6Yb+fnqC
LYpARhk16L8H99nSMtkmDnhtcmfVe+I2QQSMum2R7AcUXmsD7yGye/A0k5HhgZiG
mPBtG6t4u4lVD52ZqKEyYcb8J6cvQsvNVdlxGvRft0ESniKGjBiD5dwsSddzIgMe
+jl56qRHnkUJfefozoOIELZGqX798j6am+V5W3wv0dfbCvUVyyma5mrocC+hlgi4
YOZOeVhE+PnAdpFk5SzDdQam225gmBFZsdF6F0l+GIktNyU5jQ401/dJesNAN6h+
bKtx1Fh7CoTP/9QLAlIz
=c3Lu
—–END PGP SIGNATURE—–
—