Ubuntu Security Notice USN-849-1
15th October, 2009
libsndfile vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04 LTS
Software description
- libsndfile
Details
Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a
user or automated system processed a crafted VOC file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1788)
Erik de Castro Lopo discovered a similar heap-based buffer overflow when
processing AIFF files. If a user or automated system processed a crafted
AIFF file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1791)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.04:
- libsndfile1 1.0.17-4ubuntu1.1
- Ubuntu 8.10:
- libsndfile1 1.0.17-4ubuntu0.8.10.2
- Ubuntu 8.04 LTS:
- libsndfile1 1.0.17-4ubuntu0.8.04.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your session to effect
the necessary changes.