
[SECURITY] [DLA 3058-1] libsndfile security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3058-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 26, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libsndfile
Version        : 1.0.27-3+deb9u3
CVE ID         : CVE-2017-12562 CVE-2021-4156


Two issues have been found in libsndfile, a library for reading/writing
audio files.

CVE-2017-12562

   Due to a possible heap buffer overflow attack in an attacker could
   cause a remote denial of service attack by tricking the function into
   outputting a large amount of data.

CVE-2021-4156

   Using a crafted FLAC file, an attacker could trigger an out-of-bounds
   read that would most likely cause a crash but could potentially leak
   memory information.


For Debian 9 stretch, these problems have been fixed in version
1.0.27-3+deb9u3.

We recommend that you upgrade your libsndfile packages.

For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsndfile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

