View Full Version : USN-525-1: libsndfile vulnerability

October 5th, 2007, 06:10 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-525-1 October 04, 2007 libsndfile vulnerability CVE-2007-4974 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsndfile1 1.0.12-3ubuntu1 Ubuntu 6.10: libsndfile1 1.0.16-1ubuntu0.6.10.1 Ubuntu 7.04: libsndfile1 1.0.16-1ubuntu0.7.04.1 After a standard system upgrade you need to restart your session to affect the necessary changes. Details follow: Robert Buchholz discovered that libsndfile did not correctly validate the size of its memory buffers. If a user were tricked into playing a specially crafted FLAC file, a remote attacker could execute arbitrary code with user privileges.

More... (http://www.ubuntu.com/usn/usn-525-1)