[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1049-1] libsndfile security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libsndfile
Version        : 1.0.25-9.1+deb7u4
CVE ID         : CVE-2017-12562
Debian Bug     : #869166

It was discovered that there was a heap buffer overflow attack in libsndfile, a
library for reading/writing audio files. An attacker could cause a remote
denial of service attack by tricking the function into outputting a large
amount of data.

For Debian 7 "Wheezy", this issue has been fixed in libsndfile version
1.0.25-9.1+deb7u4.

We recommend that you upgrade your libsndfile packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmIXQYACgkQHpU+J9Qx
HljHoA/9GbDPSfYQdHt4ely6z6CwEwpM0giq+ixPecIlQxq9qVsPxBkbz2DEmEIT
K4ZqR5zCG8G8Scx+G4XBOv4pYe2rTDMV1OlVORSMd3Cg2QOpHXJU8xD3YB9cyLzq
TDJH3KdlBbdIxA8aWjZcsZ3ok+DF5WqOa57LXehNpXg0fg/aPqqG2YyzCqsPB10L
V6tsfAaIJZx9frKc5y0S6GvGZCVJVpl6ml8i/SyT5oS8HOVap8qVkHw2CgUZZCwq
Q2+fNsbPC1Lq2nsytG4qAsfcQmc/3jv3XeojVIyYOstMvmxcm1fB+Xu2SkF3JUIt
0XPi50Ach6gL2SGaRjm2KtY9rfoJqqzSkrHm8EYM3Upclg5AK0gnaLKLL7XmAQb+
jMmKOmVgY2/OPsJMMLyMKXdnAdiQfDRmQTF/WEZHPo8kKKDcVuYbHvI1nPZxRROd
JXQAsqLpoGjvvD0Po2z8O/1efTzWLEnSHOeNaTZtipqG/0EyPBb/6w0LNOyffj9x
SbhOIahM8TT2mZTvDGwMP+VMrH4GYBDyNw9Yee5OqvOn7vO7estoSKEBZQrgAtBR
WE3O68arn+hMPEEKHPV/GR/KjJR0Ep8P86EsqC/VjGkBb5RAENxttjhPsWrNYo+g
GNASXgNjHPRiRYE/w9kuDdeHUwPf5mt9TWv16JIUemEOuassSR0=
=bAx9
-----END PGP SIGNATURE-----


Reply to: