Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in SoX
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in SoX
ID: USN-4079-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS
Datum: Mi, 31. Juli 2019, 00:04
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8357
Applikationen: Sox

Originalnachricht


--===============5483915568313692768==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-cbTnHfHvv6XBmLq0EowI"


--=-cbTnHfHvv6XBmLq0EowI
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4079-1
July 30, 2019

sox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

SoX could be made to crash if it received a specially crafted MP3 file.

Software Description:
- sox: Swiss army knife of sound processing

Details:

It was discovered that SoX incorrectly handled certain MP3 files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libsox2 14.4.1-5+deb8u4ubuntu0.1
sox 14.4.1-5+deb8u4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4079-1
CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357

Package Information:
https://launchpad.net/ubuntu/+source/sox/14.4.1-5+deb8u4ubuntu0.1

--=-cbTnHfHvv6XBmLq0EowI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl1Ar78ACgkQkGeI6zGn
N/9pBQ/8CQ0UTf4A77W0BObfxT4kJlTYEr+wcnQVs41qhcObeFhQ3h2eJ66tIIyp
9PQp+a4xqVeqEfhmiYi5L9mvINuIwLNcHrHRYFROiDaGzYOZrTU+Aq5KbsmbYyUP
Vu7vwzubun/hq8n3Rzlbnk1j4CG/T54CTk6RzcsMwmC0TbX/lPkMIGMsTybKvgdL
DJ6QeASR0AmhHy+3xfXLiLJO/Z3M0ZYaJmIUAV0jcQdz4TARO++HcU1gS99BOpFd
myXwe+QLWGNGMFki8yLudNpeeVFQuQdBnRSBtiaJLrQ0tiSu8VB5as60rFGFpbek
Ob1guNsoFoCdUXgX/B+E3fBun2fQSOC+q/dwxa7c1SC2IloE92M6FuwOYkLsZiTY
UArC7kMeh9izLobP21346eImjbIJOWkmrPZ4uGwtyZE6pLJYz+XyiwkxHIc8z176
vCIJIzphuJ0+YztKBnIlSXf24Y1V30WNxPZ7dxHIkbs5CImMEu1X00Qk+yWCGWGg
bwKfl8ciTM5CYnwj8ks03XUddHNLCGlzjfVpwjC3WpZzIo6nDbQbdD2v6YaAGV/x
Op+1dv7uIwhn7uUmoIln3T3UsXe2oCNB9dGbi/JtuJ9PZcSfc8HR+G/cp70HVrgN
aLZ6Zwb6bufnhApfvPozgFYBLTUjbkfQJlVJ3Rfajy13R9Wcrlk=
=JuEn
-----END PGP SIGNATURE-----

--=-cbTnHfHvv6XBmLq0EowI--



--===============5483915568313692768==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5483915568313692768==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung