USN-4704-1: libsndfile vulnerabilities

Releases

• Ubuntu 16.04 ESM
• Ubuntu 14.04 ESM

Packages

• libsndfile - Library for reading/writing audio files

Details

It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12562)

It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245,
CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892,
CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662,
CVE-2018-19758, CVE-2019-3832)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

• libsndfile1 - 1.0.25-10ubuntu0.16.04.3
• sndfile-programs - 1.0.25-10ubuntu0.16.04.3

Ubuntu 14.04

• libsndfile1 - 1.0.25-7ubuntu2.2+esm1
  Available with Ubuntu Pro
• sndfile-programs - 1.0.25-7ubuntu2.2+esm1
  Available with Ubuntu Pro

After a standard system update you need to restart your session to make all
the necessary changes.

References

• CVE-2017-12562
• CVE-2018-19758
• CVE-2018-19661
• CVE-2017-16942
• CVE-2017-6892
• CVE-2018-19432
• CVE-2018-19662
• CVE-2017-14246
• CVE-2017-14634
• CVE-2019-3832
• CVE-2018-13139
• CVE-2017-14245

Related notices

• USN-4013-1: sndfile-programs, libsndfile1, libsndfile, libsndfile1-dev