-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0562
                     [DLA 1687-1] sox security update
                             25 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           sox
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-8145  

Reference:         ESB-2014.2513

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/02/msg00034.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : sox
Version        : 14.4.1-5+deb8u1
CVE ID         : CVE-2014-8145
Debian Bug     : 773720

Mike Salvatore discovered that the fixes for these heap-based buffer 
overflows had not been properly applied in the Debian package.

For Debian 8 "Jessie", this problem has been fixed in version
14.4.1-5+deb8u1.

We recommend that you upgrade your sox packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================