This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0550386172299853364== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="e4kvg5Xxrqhac464r5k9crQ7AJQCu43XI"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --e4kvg5Xxrqhac464r5k9crQ7AJQCu43XI Content-Type: multipart/mixed; boundary="s3cTxX5L382su7N1kGHGw64AnKV2AdEJB" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <634fc9d8-2dc5-03bc-0268-ceeda80cf424@canonical.com> Subject: [USN-3241-1] audiofile vulnerabilities
--s3cTxX5L382su7N1kGHGw64AnKV2AdEJB Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3241-1 March 22, 2017
audiofile vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
audiofile could be made to crash or run programs if it opened a specially crafted file.
Software Description: - audiofile: Open-source version of the SGI audiofile library
Details:
Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libaudiofile1 0.3.6-2ubuntu0.14.04.2
Ubuntu 12.04 LTS: libaudiofile1 0.3.3-2ubuntu0.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3241-1 CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839
Package Information: https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.3
--s3cTxX5L382su7N1kGHGw64AnKV2AdEJB--
--e4kvg5Xxrqhac464r5k9crQ7AJQCu43XI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJY0qFhAAoJEGVp2FWnRL6TKU4P/1cUcLsbtbaQ64Mvu0HexoIx lmIwiZXXOqeJikeXWzYjnKbMWP/EttFkhdG/W+v6r/ccvfnpZWjBGsE1HTbPC4Az M3L0FoD+RnSRcEff9rKz2t2pfV8KpDqwoBpwfbKLcDq/eEKFLXwK3T0pQnggIEiz C9M82pVsJc89fG1QO0hVYo7mUUqpoGHVvwR44muKaQfxV1VOukDyWn92xOPCfIFS j2EU46y7+RnjuEjJ+gs5XO6l9ufFQjAk/TmC5IDTBAjwU5IVKuB8yxefzeIdvT+W ADT1H+aaofAFuxVkfPZ52ZLX971Acb3hK2kMyY5y6fj4WiFys2C8QLdiruG6BEGv EuaZaq9OBYtrNaIlfl0BgC7PpOAEW+3IxJp0emhyijP5Y0j6fmI4QYmUCnSHXoWT E+NFiupbnbiQh4+oMWl7IPotauGkhPkGeAHKjtJNYjLEM1D3fxREK/nHk5PYtBoA r05H2MQ/0ua2XGBWlrDkALAUKQkKpraNDsZ6S/Mjc+hJ+htMxM+Jc344hkrEOLPL zOoZgE7MhH7MFdF+1ucbIf+gwg4vJIzotn62mGQF4k3/4CZUjom+tIp+ZRRfJZme 2AIDyUaObPMVerLom7A8oGBzKnDgTZ9v4ZEuasnTT7R2d2uvHM8YjxDi54Axoe9X QysBMq0iJSzUEvKCSEpi =5qWx -----END PGP SIGNATURE-----
--e4kvg5Xxrqhac464r5k9crQ7AJQCu43XI--
--===============0550386172299853364== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0550386172299853364==--
|