[SECURITY] [DLA 956-1] libsndfile security update



Package        : libsndfile
Version        : 1.0.25-9.1+deb7u2
CVE ID         : CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365


CVE-2017-8361
     The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (buffer overflow and
     application crash) or possibly have unspecified other impact via a
     crafted audio file.

CVE-2017-8362
     The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (invalid read and
     application crash) via a crafted audio file.

CVE-2017-8363
     The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (heap-based buffer
     over-read and application crash) via a crafted audio file.

CVE-2017-8365
     The i2les_array function in pcm.c in libsndfile 1.0.28 allows
     remote attackers to cause a denial of service (buffer over-read
     and application crash) via a crafted audio file.


For Debian 7 "Wheezy", these problems have been fixed in version
1.0.25-9.1+deb7u2.

We recommend that you upgrade your libsndfile packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

