USN-849-1: libsndfile vulnerabilities  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-849-1 October 15, 2009
libsndfile vulnerabilities
CVE-2009-1788, CVE-2009-1791
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libsndfile1 1.0.17-4ubuntu0.8.04.2

Ubuntu 8.10:
libsndfile1 1.0.17-4ubuntu0.8.10.2

Ubuntu 9.04:
libsndfile1 1.0.17-4ubuntu1.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a
user or automated system processed a crafted VOC file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1788)

Erik de Castro Lopo discovered a similar heap-based buffer overflow when
processing AIFF files. If a user or automated system processed a crafted
AIFF file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1791)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.04.2.diff.gz
Size/MD5: 10982 155661fd8f753ba4f40339ce22653247
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.04.2.dsc
Size/MD5: 824 6a662dc8fc04a7155fa0d7618a1ad08a
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
Size/MD5: 819456 2d126c35448503f6dbe33934d9581f6b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_amd64.deb
Size/MD5: 333080 b04139894513c7f772d43e9faa9d5067
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_amd64.deb
Size/MD5: 191356 fd8af059d7a228a774dfd3faa618c95b
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_amd64.deb
Size/MD5: 73174 f67ac788caaf442a70be9873e4fab279

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_i386.deb
Size/MD5: 324752 fb5068446e64c7ce2155e2f8876d0883
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_i386.deb
Size/MD5: 198188 52fba9ba7cae8403dd1c89a22f959a46
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_i386.deb
Size/MD5: 73246 e0b79992b197d3f93dc8edde921a221d

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_lpia.deb
Size/MD5: 324684 439609dc430fd09076b62ea35e4f4464
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_lpia.deb
Size/MD5: 195676 7918d6d6246b28e79bc1b9a092b45f1b
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_lpia.deb
Size/MD5: 73358 ddcde3a1cd6b548a67cb96744a47a403

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_powerpc.deb
Size/MD5: 358530 e07d0e3e996daa11c87c2e47f7b16740
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_powerpc.deb
Size/MD5: 211398 ef31fbb5159f8027f6aff3d3b631340a
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_powerpc.deb
Size/MD5: 81430 79a0fe9fca817a1def72401f8d6fab27

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.04.2_sparc.deb
Size/MD5: 344850 c863297579ed7c75bcc45c530395def7
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.04.2_sparc.deb
Size/MD5: 207728 ef30bf99c77a71e4cc5a3844e0ec57bf
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.04.2_sparc.deb
Size/MD5: 73910 5a7debb649fc2a2cc2461ea127b6a6de

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.10.2.diff.gz
Size/MD5: 10907 575d2f2d12e8db8b2d975ad93af0ae7f
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu0.8.10.2.dsc
Size/MD5: 1246 1473cdcd71be22f356774c9b3af100ba
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
Size/MD5: 819456 2d126c35448503f6dbe33934d9581f6b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_amd64.deb
Size/MD5: 333584 4d05fd58323f63c0e1c90fbcf47e6461
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_amd64.deb
Size/MD5: 191956 39c0e51aad0fdc21621b2fea5407e778
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_amd64.deb
Size/MD5: 73366 d6fc5435dc0e4ddc45bf36bd7dac711b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_i386.deb
Size/MD5: 326114 112da713fedd65c179e034ad239fb03d
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_i386.deb
Size/MD5: 198058 7caaf04a95079d7356f30e1c6fcb7932
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_i386.deb
Size/MD5: 73030 06201e76a7ffc1c35ccaea4dac5c8973

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_lpia.deb
Size/MD5: 326654 4f380598f5fcae42a281782145624e17
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_lpia.deb
Size/MD5: 195562 a2463e000507c083fd5aca8045210fe0
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_lpia.deb
Size/MD5: 73060 b20bd82c1445509d4e6ab3b0636afd0d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_powerpc.deb
Size/MD5: 362952 30dda722711cf6930d2f112ac3ef2d3c
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_powerpc.deb
Size/MD5: 213986 69ad9ce28a9b8aa7b2a9b9fc2c61a240
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_powerpc.deb
Size/MD5: 79728 7b046cf7c7312783e48034b48bdcaff4

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu0.8.10.2_sparc.deb
Size/MD5: 343486 67a39e6143e1b33b3eecdb9aed2020ec
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu0.8.10.2_sparc.deb
Size/MD5: 207084 77a3b68d322ee5857c6a0dcc57178773
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu0.8.10.2_sparc.deb
Size/MD5: 74356 a3ecc688b185b368849bf284940a1111

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu1.1.diff.gz
Size/MD5: 10906 4d67346d4b234a24f1702db8416b659b
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17-4ubuntu1.1.dsc
Size/MD5: 1226 66033b4a297da65c1eac8c3d6bc52d4d
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
Size/MD5: 819456 2d126c35448503f6dbe33934d9581f6b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_amd64.deb
Size/MD5: 333568 81effb867b06ff55d7f717b992bfa00a
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_amd64.deb
Size/MD5: 191992 77e6b0cc7f4ec916aec7719804130db2
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_amd64.deb
Size/MD5: 73370 3ec22a3cdf1591946665c1845d1b23a4

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_i386.deb
Size/MD5: 326024 f902489ec7c868980fa19aa5bf67036c
http://security.ubuntu.com/ubuntu/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_i386.deb
Size/MD5: 198042 f79fab4035ccb7c3a6c6bed87aab0856
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_i386.deb
Size/MD5: 73006 e091f44791a81cb0006de499f9c8c6d8

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_lpia.deb
Size/MD5: 326676 fada9260676efa608819f89056ecba4e
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_lpia.deb
Size/MD5: 195524 09cab783834300ce75dd766ec66d65b2
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_lpia.deb
Size/MD5: 73054 fb525e51642b7884b0b442e40978613e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_powerpc.deb
Size/MD5: 362950 920b7886bc0a847cfb6d3bcd0e7863a7
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_powerpc.deb
Size/MD5: 214130 c6519b329e02e78b556220f49943892a
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_powerpc.deb
Size/MD5: 79716 c1f778e7d070917ca90e444417faadf1

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1-dev_1.0.17-4ubuntu1.1_sparc.deb
Size/MD5: 343614 ada56da81ff52d2e75d8a4c5da00e125
http://ports.ubuntu.com/pool/main/libs/libsndfile/libsndfile1_1.0.17-4ubuntu1.1_sparc.deb
Size/MD5: 207166 f8486ee41baeb2d611eaf71d94b4aa35
http://ports.ubuntu.com/pool/universe/libs/libsndfile/sndfile-programs_1.0.17-4ubuntu1.1_sparc.deb
Size/MD5: 74360 e88f167db87963c3121b26bbbbc99150



"


This entry was posted on 2:33 PM.