Sicherheit: Mehrere Probleme in WavPack

Lesezeichen hinzufügen

--===============8433422933809411024==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="OwLcNYc0lM97+oe1"
Content-Disposition: inline

--OwLcNYc0lM97+oe1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4062-1
July 16, 2019

wavpack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS

Summary:

WavPack could be made to crash if it received a specially crafted WAV file.

Software Description:
- wavpack: audio codec (lossy and lossless) - encoder and decoder

Details:

Rohan Padhye discovered that WavPack incorrectly handled certain WAV files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libwavpack1 5.1.0-5ubuntu0.2
wavpack 5.1.0-5ubuntu0.2

Ubuntu 18.04 LTS:
libwavpack1 5.1.0-2ubuntu1.4
wavpack 5.1.0-2ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4062-1
CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319

Package Information:
https://launchpad.net/ubuntu/+source/wavpack/5.1.0-5ubuntu0.2
https://launchpad.net/ubuntu/+source/wavpack/5.1.0-2ubuntu1.4

--OwLcNYc0lM97+oe1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJdLhqPAAoJEEW851uECx9p4rEQAJ1nK0H0//TgrFunFBK4r168
3+EAXitPIoK3TqX+/L5OPQVhMUeKFIunDQvtKC1wo7Px+Y8yS5vvuMsMOXPsMDSN
Qom0g/1sWvZh61VUlpidMNhZliHnzagfvW/+2fbk6YqfKQiCCdjbb61K6jF6o/DP
Diw5OkehPVIjSukmN4GgtkjR9PY3QcCUvJHpPNEB06+pTlidlD+fVQxi0o6s6ClY
tIv5OnWup67DHB81oNtQJwxqKNNJC4Ui38K3Y505dFX8783GGAAy0RvqAZ75Ol5k
l4D+ahVg83xExd59/QEzG7YqMce+DBergsBZqIUymWQpMHRxzg3E8F6BRb6dkG7R
WFyEk3EEViBgOubESEQWfU2wOMptnKi8w7CUUJA3CB4nMrvP2UTOIArH2pOsoJsk
+udPAd0aQpZrGxbhBKzGbwpEMw+BROKlfKtHxE+05ZiambSotVU1Fx0FoSS19DgH
/PubP1Zx8VKAxn+kM/geyz4BchcHDTG30g+ZLVVJzs7+q1Kzk3y8UVKP4BcqYSWu
4cREJfe/EvypO48JTpmn8b2DrqxVjYCxjrGMZp6hOJsJwfbY6C3MeS+d0zWTJZzM
+duwPGHkdcZiE4Od7KxaSplvKQxCOaoMVLeyRPOTuJhv7HnSfFfEjYNllxy0mU8J
nfZsNlj3AQKUpcSOl7iR
=T2UT
-----END PGP SIGNATURE-----

--OwLcNYc0lM97+oe1--

--===============8433422933809411024==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce