===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0290
                  USN-4704-1: libsndfile vulnerabilities
                              27 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libsndfile
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3832 CVE-2018-19758 CVE-2018-19662
                   CVE-2018-19661 CVE-2018-19432 CVE-2018-13139
                   CVE-2017-16942 CVE-2017-14634 CVE-2017-14246
                   CVE-2017-14245 CVE-2017-12562 CVE-2017-6892

Reference:         ESB-2020.3743
                   ESB-2020.1498
                   ESB-2019.2063
                   ESB-2019.0011

Original Bulletin:
   https://ubuntu.com/security/notices/USN-4704-1

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4704-1: libsndfile vulnerabilities

26 January 2021

Several security issues were fixed in libsndfile.

Releases

  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Packages

  o libsndfile - Library for reading/writing audio files

Details

It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12562)

It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245, CVE-2017-14246,
CVE-2017-14634, CVE-2017-16942, CVE-2017-6892, CVE-2018-13139,
CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758,
CVE-2019-3832)

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04

  o libsndfile1 - 1.0.25-10ubuntu0.16.04.3
  o sndfile-programs - 1.0.25-10ubuntu0.16.04.3

Ubuntu 14.04

  o libsndfile1 - 1.0.25-7ubuntu2.2+esm1
  o sndfile-programs - 1.0.25-7ubuntu2.2+esm1

After a standard system update you need to restart your session to make all
the necessary changes.

References

  o CVE-2017-12562
  o CVE-2018-19758
  o CVE-2018-19661
  o CVE-2017-16942
  o CVE-2017-6892
  o CVE-2018-19432
  o CVE-2018-19662
  o CVE-2017-14246
  o CVE-2017-14634
  o CVE-2019-3832
  o CVE-2018-13139
  o CVE-2017-14245

Related notices

  o USN-4013-1: libsndfile1, libsndfile

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================