USN-912-1: Audio File Library vulnerability

March 17th, 2010 • RelatedFiled Under
Referenced CVEs: 
CVE-2008-5824

Description: 
===========================================================
Ubuntu Security Notice USN-912-1 March 16, 2010
audiofile vulnerability
CVE-2008-5824
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libaudiofile0 0.2.6-6ubuntu1.1

Ubuntu 8.04 LTS:
libaudiofile0 0.2.6-7ubuntu1.8.04.1

Ubuntu 8.10:
libaudiofile0 0.2.6-7ubuntu1.8.10.1

Ubuntu 9.04:
libaudiofile0 0.2.6-7ubuntu1.9.04.1

Ubuntu 9.10:
libaudiofile0 0.2.6-7ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Audio File Library contained a heap-based buffer
overflow. If a user or automated system processed a crafted WAV file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. The default compiler options for Ubuntu should reduce this
vulnerability to a denial of service.

Post a Response

You must be logged in to post a comment.