drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libsndfile
| Name: |
Ausführen beliebiger Kommandos in libsndfile |
|
| ID: |
USN-1174-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Di, 26. Juli 2011, 12:43 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2696 |
|
| Applikationen: |
libsndfile |
|
Originalnachricht |
--===============1955783885359534347==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-TQ/ns2Q/BPgPm8CQ9uLk"
--=-TQ/ns2Q/BPgPm8CQ9uLk
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1174-1
July 25, 2011
libsndfile vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
An application using libsndfile could be made to crash or possibly run
programs as your login if it opened a specially crafted file.
Software Description:
- libsndfile: Library for reading/writing audio files
Details:
Hossein Lotfi discovered that libsndfile did not properly verify the header
length and number of channels for PARIS Audio Format (PAF) audio files. An
attacker could exploit this to cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libsndfile1 1.0.23-1ubuntu0.1
Ubuntu 10.10:
libsndfile1 1.0.21-2ubuntu0.10.10.1
Ubuntu 10.04 LTS:
libsndfile1 1.0.21-2ubuntu0.10.04.1
After a standard system update you need to restart your login session to
make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1174-1
CVE-2011-2696
Package Information:
https://launchpad.net/ubuntu/+source/libsndfile/1.0.23-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libsndfile/1.0.21-2ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/libsndfile/1.0.21-2ubuntu0.10.04.1
--ÝQ/ns2Q/BPgPm8CQ9uLk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOLijBAAoJEFHb3FjMVZVz5SAP/RFStbiZ5AadAbgIl34Uggxu
+wDjXipg7TmZrVyQC0GwDcs53/2s82MRzS9vSZexDGdu095JhcSEN86adN/Ur5BM
OepVV3SteJmSg/CRRqHEWE7VEBDS8cJfZ/WpTxC6atKaZ6CNx/ANH0sR6kSYAQPw
0kXDV0LmavKH4PCxjihJxINZrEioJkqp29cTwpbgcKvf94S9QeF0IavHhCsKzx4t
DTScr2ZrCdsQ7IRUHol/W27j4NatvH/+ox68OLqGU8Ik+Se8hhbZA7mA5JUyLx6J
t1reQGDCcSmx/zmMQ+bTrGnnnlDrLLOVVramCFEtRgnc/J2m/gingFaGRDq9Mhyw
Gx4M+greLPwUslgOl4Z6szSfH3Z4pGaFc9uYnkW+xrORZ0Zxu3hZ3pjZKhWWwcoN
xCwPHyuPYcuJO0gCcJJvIZr3PkVFl4RfxbMfJr6sP5A7q5jc/hVYq/QNkIFaNQ96
2csOGIG2cjQ6B0X0XAn8f8iozPW5rw3aYb1MBaI0f83LVkvD81OyuWU4eS5gJdnt
9RJKFx172fFBCkjuXVK95um34n9PsPB86/uCv1pootTxnWrUmUniD4yMQ8Xzsvz4
oLtj6qLN4VSXHP7xFw2amRz3sULz4sfMMXjlcP0EI9IEt4cx/jBQ2MHXQojnEzMa
vQcAQVV6vf2HDunK4AAs
=mwqj
-----END PGP SIGNATURE-----
--=-TQ/ns2Q/BPgPm8CQ9uLk--
--===============1955783885359534347==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1955783885359534347==--
|
|
|
|
