drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in libsndfile
| Name: |
Pufferüberlauf in libsndfile |
|
| ID: |
USN-5409-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 16.04 ESM |
|
| Datum: |
Di, 10. Mai 2022, 22:22 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4156 |
|
| Applikationen: |
libsndfile |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4014476786345777663==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------BEd2VNssDgycCVkQ2zF7C6Bt"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------BEd2VNssDgycCVkQ2zF7C6Bt
Content-Type: multipart/mixed;
boundary="------------pPYtdfCSQpZA0EvPiUZQgN9D";
protected-headers="v1"
From: Camila Camargo de Matos <camila.camargodematos@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <1cff262f-c6fd-3b3a-cc34-a6d29d6a4e27@canonical.com>
Subject: [USN-5409-1] libsndfile vulnerability
--------------pPYtdfCSQpZA0EvPiUZQgN9D
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-5409-1
May 10, 2022
libsndfile vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
libsndfile could be made to crash or expose sensitive information
if it received specially crafted input.
Software Description:
- libsndfile: Library for reading/writing audio files
Details:
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
libsndfile1 1.0.25-10ubuntu0.16.04.3+esm2
libsndfile1-dev 1.0.25-10ubuntu0.16.04.3+esm2
sndfile-programs 1.0.25-10ubuntu0.16.04.3+esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5409-1
CVE-2021-4156
--------------pPYtdfCSQpZA0EvPiUZQgN9D--
--------------BEd2VNssDgycCVkQ2zF7C6Bt
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEGq96SdAIJY1vInRLbzAtCH6LqTYFAmJ6wQUFAwAAAAAACgkQbzAtCH6LqTZo
Xwf6Ai8MCSplqBTHjf6Kv7bBb20fzYEwTeVxyjQnwNQE+B/rVNWiQAHqb80QVEQIdJTYe0fJoWom
V8djgQeAwT+2Q3lYYW0OcRLZbsE4PwkWjghyHn97mdJWg+ul8+bOT9TBgtPdl6e/Hb5PLGcJiCvU
5Wm1t1h8MF3Nq2CkkN+vlAnU8iQPiIfeQdEIn85aRNK8iWbtYYdMmc37K2FFckMczxTAmLe8g0mp
Ii837lmZo1YFAPDKpTWI9rNbUKjmIW+j34QuaSgQfmZD79OXtEehp07fmo4EXRZlnvhq3TsCTStV
HbHLRGCqNGeonc44PEZ9rGeRlyeEIgdfTaDNnm3t0A==
=yBbG
-----END PGP SIGNATURE-----
--------------BEd2VNssDgycCVkQ2zF7C6Bt--
--===============4014476786345777663==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============4014476786345777663==--
|
|
|
|
