drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in libsndfile
Name: |
Pufferüberlauf in libsndfile |
|
ID: |
USN-5409-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 ESM |
|
Datum: |
Di, 10. Mai 2022, 22:22 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4156 |
|
Applikationen: |
libsndfile |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4014476786345777663== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------BEd2VNssDgycCVkQ2zF7C6Bt"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------BEd2VNssDgycCVkQ2zF7C6Bt Content-Type: multipart/mixed; boundary="------------pPYtdfCSQpZA0EvPiUZQgN9D"; protected-headers="v1" From: Camila Camargo de Matos <camila.camargodematos@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <1cff262f-c6fd-3b3a-cc34-a6d29d6a4e27@canonical.com> Subject: [USN-5409-1] libsndfile vulnerability
--------------pPYtdfCSQpZA0EvPiUZQgN9D Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5409-1 May 10, 2022
libsndfile vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
libsndfile could be made to crash or expose sensitive information if it received specially crafted input.
Software Description: - libsndfile: Library for reading/writing audio files
Details:
It was discovered that libsndfile was incorrectly performing memory management operations and incorrectly using buffers when executing its FLAC codec. If a user or automated system were tricked into processing a specially crafted sound file, an attacker could possibly use this issue to cause a denial of service or obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: libsndfile1 1.0.25-10ubuntu0.16.04.3+esm2 libsndfile1-dev 1.0.25-10ubuntu0.16.04.3+esm2 sndfile-programs 1.0.25-10ubuntu0.16.04.3+esm2
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5409-1 CVE-2021-4156
--------------pPYtdfCSQpZA0EvPiUZQgN9D--
--------------BEd2VNssDgycCVkQ2zF7C6Bt Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEGq96SdAIJY1vInRLbzAtCH6LqTYFAmJ6wQUFAwAAAAAACgkQbzAtCH6LqTZo Xwf6Ai8MCSplqBTHjf6Kv7bBb20fzYEwTeVxyjQnwNQE+B/rVNWiQAHqb80QVEQIdJTYe0fJoWom V8djgQeAwT+2Q3lYYW0OcRLZbsE4PwkWjghyHn97mdJWg+ul8+bOT9TBgtPdl6e/Hb5PLGcJiCvU 5Wm1t1h8MF3Nq2CkkN+vlAnU8iQPiIfeQdEIn85aRNK8iWbtYYdMmc37K2FFckMczxTAmLe8g0mp Ii837lmZo1YFAPDKpTWI9rNbUKjmIW+j34QuaSgQfmZD79OXtEehp07fmo4EXRZlnvhq3TsCTStV HbHLRGCqNGeonc44PEZ9rGeRlyeEIgdfTaDNnm3t0A== =yBbG -----END PGP SIGNATURE-----
--------------BEd2VNssDgycCVkQ2zF7C6Bt--
--===============4014476786345777663== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============4014476786345777663==--
|
|
|
|