USN-912-1: Audio File Library vulnerability

Ubuntu Security Notice USN-912-1

16th March, 2010

audiofile vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Software description

  • audiofile

Details

It was discovered that Audio File Library contained a heap-based buffer
overflow. If a user or automated system processed a crafted WAV file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. The default compiler options for Ubuntu should reduce this
vulnerability to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 9.10:
libaudiofile0 0.2.6-7ubuntu2.1
Ubuntu 9.04:
libaudiofile0 0.2.6-7ubuntu1.9.04.1
Ubuntu 8.10:
libaudiofile0 0.2.6-7ubuntu1.8.10.1
Ubuntu 8.04 LTS:
libaudiofile0 0.2.6-7ubuntu1.8.04.1
Ubuntu 6.06 LTS:
libaudiofile0 0.2.6-6ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2008-5824