drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libsndfile
Name: |
Ausführen beliebiger Kommandos in libsndfile |
|
ID: |
USN-1174-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Di, 26. Juli 2011, 12:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2696 |
|
Applikationen: |
libsndfile |
|
Originalnachricht |
--===============1955783885359534347== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-TQ/ns2Q/BPgPm8CQ9uLk"
--=-TQ/ns2Q/BPgPm8CQ9uLk Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1174-1 July 25, 2011
libsndfile vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
An application using libsndfile could be made to crash or possibly run programs as your login if it opened a specially crafted file.
Software Description: - libsndfile: Library for reading/writing audio files
Details:
Hossein Lotfi discovered that libsndfile did not properly verify the header length and number of channels for PARIS Audio Format (PAF) audio files. An attacker could exploit this to cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libsndfile1 1.0.23-1ubuntu0.1
Ubuntu 10.10: libsndfile1 1.0.21-2ubuntu0.10.10.1
Ubuntu 10.04 LTS: libsndfile1 1.0.21-2ubuntu0.10.04.1
After a standard system update you need to restart your login session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1174-1 CVE-2011-2696
Package Information: https://launchpad.net/ubuntu/+source/libsndfile/1.0.23-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libsndfile/1.0.21-2ubuntu0.10.10.1 https://launchpad.net/ubuntu/+source/libsndfile/1.0.21-2ubuntu0.10.04.1
--ÝQ/ns2Q/BPgPm8CQ9uLk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOLijBAAoJEFHb3FjMVZVz5SAP/RFStbiZ5AadAbgIl34Uggxu +wDjXipg7TmZrVyQC0GwDcs53/2s82MRzS9vSZexDGdu095JhcSEN86adN/Ur5BM OepVV3SteJmSg/CRRqHEWE7VEBDS8cJfZ/WpTxC6atKaZ6CNx/ANH0sR6kSYAQPw 0kXDV0LmavKH4PCxjihJxINZrEioJkqp29cTwpbgcKvf94S9QeF0IavHhCsKzx4t DTScr2ZrCdsQ7IRUHol/W27j4NatvH/+ox68OLqGU8Ik+Se8hhbZA7mA5JUyLx6J t1reQGDCcSmx/zmMQ+bTrGnnnlDrLLOVVramCFEtRgnc/J2m/gingFaGRDq9Mhyw Gx4M+greLPwUslgOl4Z6szSfH3Z4pGaFc9uYnkW+xrORZ0Zxu3hZ3pjZKhWWwcoN xCwPHyuPYcuJO0gCcJJvIZr3PkVFl4RfxbMfJr6sP5A7q5jc/hVYq/QNkIFaNQ96 2csOGIG2cjQ6B0X0XAn8f8iozPW5rw3aYb1MBaI0f83LVkvD81OyuWU4eS5gJdnt 9RJKFx172fFBCkjuXVK95um34n9PsPB86/uCv1pootTxnWrUmUniD4yMQ8Xzsvz4 oLtj6qLN4VSXHP7xFw2amRz3sULz4sfMMXjlcP0EI9IEt4cx/jBQ2MHXQojnEzMa vQcAQVV6vf2HDunK4AAs =mwqj -----END PGP SIGNATURE-----
--=-TQ/ns2Q/BPgPm8CQ9uLk--
--===============1955783885359534347== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1955783885359534347==--
|
|
|
|