Ubuntu Security Notice USN-525-1
4th October, 2007
libsndfile vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- libsndfile
Details
Robert Buchholz discovered that libsndfile did not correctly validate the
size of its memory buffers. If a user were tricked into playing a specially
crafted FLAC file, a remote attacker could execute arbitrary code with user
privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- libsndfile1 1.0.16-1ubuntu0.7.04.1
- Ubuntu 6.10:
- libsndfile1 1.0.16-1ubuntu0.6.10.1
- Ubuntu 6.06 LTS:
- libsndfile1 1.0.12-3ubuntu1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your session to effect
the necessary changes.