Ubuntu: libsndfile vulnerability
Posted by Benjamin D. Thomas
It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.
===========================================================
Ubuntu Security Notice USN-749-1             March 30, 2009
libsndfile vulnerability
CVE-2009-0186
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsndfile1                     1.0.12-3ubuntu1.1

Ubuntu 7.10:
  libsndfile1                     1.0.17-4ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  libsndfile1                     1.0.17-4ubuntu0.8.04.1

Ubuntu 8.10:
  libsndfile1                     1.0.17-4ubuntu0.8.10.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that libsndfile did not correctly handle description
chunks in CAF audio files. If a user or automated system were tricked into
opening a specially crafted CAF audio file, an attacker could execute
arbitrary code with the privileges of the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 7.10:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:



