Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1911 [DLA 1808-1] sox security update 29 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sox Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-8357 CVE-2019-8356 CVE-2019-8355 CVE-2019-8354 Original Bulletin: https://lists.debian.org/debian-lts-announce/2019/05/msg00040.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running sox check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : sox Version : 14.4.1-5+deb8u4 CVE ID : CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 Debian Bug : 927906 Several issues were found in SoX, the Swiss army knife of sound processing programs, that could lead to denial of service via application crash or potentially to arbitrary code execution by processing maliciously crafted input files. For Debian 8 "Jessie", these problems have been fixed in version 14.4.1-5+deb8u4. We recommend that you upgrade your sox packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlzs4iIACgkQnUbEiOQ2 gwIfsRAApZUUeMcVgDham5qEE5ra79rcBSrdJvbaYrEgllnOTgC675kJu9p4R4vb Tlp8vZv7MJadz/C5vdlNhIW70bnHOXua6P3sdbXf7rEAYWWguJZumChvFORm0Z10 Viiy+0vL1eo73LHQ6Hj2ThrjUyuXGGLd9JrAEHdyug+WwMiDciBsfgWlg+3s3iI0 nxDvJpXn1NpmSll/TN2GhEr6fAeF/PfemdTgV7L3Og3HtDqtZMM79z1hm1uWsSzd U7M37Vh8vKxGEEvZ0EtOsuoRwRCCpZEUtESWysntu9jlTXBFlhCsLSZkAWZyAFoM RWOT2CzZYPdz/kg1XBvCLiKEF+YpEpVfh0j1+Ky7glJSrnK1U2Hj0VoSaHazzVv5 IwI1/vRCK72yiJFcW9fQjuy+ArCvXiJI1ep2vYpi6VB/XHjezdFmk0QheWXusW+Q EfFGsQ2mDYVoZslaSgWiXVPuhjrQitrgkuolwBN6QNIs0QYGmkKmoV5jwGkw+zXj lomCBxQiInoHHs6CGK5QapJ77X5mMQf3au/PHNN6K33wJvMfQCkjZ3Ik0VNUf/r4 ZdnyMmytc+Okxy54WaX/5B3dQaYRk1uQy++zilmqEdNC841fOVlky6KC0zyoK8fT U0bnsER4fZqfxNfIsKL9tvRHomCP5QSJM4fPQ2OjS2EFve0hknU= =+Sew - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXO211GaOgq3Tt24GAQixERAAz539IwnS4SIrO3+0lOwql7DmIG/ydpvN I8WR5XsF9ugsYPF+c2EQtH3j/GrfYp9vFKsfixFQfOg1CLLjdHB1U/RKZe2EF7n3 1khxJvI66/ZQmMbTvt4RExIBi4NW6PYIAW0C1OxOvawpD+H9GCxxv55qsQj6YASJ 5VONDlXOs0otxoZyZhobiEs6XkD7REBlDDTu9+bXheN9f3SxorKH04rNaTzcAeF2 8IlsXe16d+E498o882Un2KUgVeUCO30W7ja+THmMWr7lYVexJd3VfVxnIXFYCApE 6GeLwpJj3zVfi6iT+CiTHJbLOHS8cTcy911RzOEbWggr3naYfqr54z00GQxIOGca tZDXvjDU5y7A8b/mZo14Mj4GFoJpACXy+tidB4zcOEwjbjauCIFXIDC+MNwvc5p1 t648n0w3dAryexHMpnKejfQwwpXM+EopCYS1dkqvqQO3tGkhlC1nFf7SAN2yg6JG jEUJizESXaRgOaQX90k4+qqMS3Nzogjq2h2Ux0ilL3ePbYW/KvOyMZu8ECj/FMxC +SrV5vmPBkffuRR44Wqr4SE9M+65zC/7IcnQytFN+9v+Qb+6y1ir/KtX0VlxUJRZ VwRrOIqRLZWaq8wVEYuLc5BP9cwHfEavI2fsHg3PWD2PHxoL7R+3ib2QrDw70v6Q Yb0bkhnRnOg= =Ze4T -----END PGP SIGNATURE-----