[USN-749-1] libsndfile vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
Date: Mon, 30 Mar 2009 14:28:13 -0400
===========================================================
Ubuntu Security Notice USN-749-1 March 30, 2009
libsndfile vulnerability
CVE-2009-0186
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsndfile1 1.0.12-3ubuntu1.1
Ubuntu 7.10:
libsndfile1 1.0.17-4ubuntu0.7.10.1
Ubuntu 8.04 LTS:
libsndfile1 1.0.17-4ubuntu0.8.04.1
Ubuntu 8.10:
libsndfile1 1.0.17-4ubuntu0.8.10.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that libsndfile did not correctly handle description
chunks in CAF audio files. If a user or automated system were tricked into
opening a specially crafted CAF audio file, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10: