Debian Long Term Support / LTS Security Information / 2019 / Security Information -- DLA-1808-1 sox

Debian Security Advisory

DLA-1808-1 sox -- LTS security update

Date Reported:

28 May 2019

Affected Packages:

sox

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 927906.
In Mitre's CVE dictionary: CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357.

More information:

Several issues were found in SoX, the Swiss army knife of sound processing programs, that could lead to denial of service via application crash or potentially to arbitrary code execution by processing maliciously crafted input files.

For Debian 8 Jessie, these problems have been fixed in version 14.4.1-5+deb8u4.

We recommend that you upgrade your sox packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS