USN-3637-1: WavPack vulnerabilities

30 April 2018

wavpack vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 17.10

Summary

Several security issues were fixed in WavPackXXX-APP-XXX.

Software Description

  • wavpack - audio codec (lossy and lossless) - encoder and decoder

Details

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. (CVE-2018-10536, CVE-2018-10537)

Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu discovered that WavPack incorrectly handled certain .wav files. An attacker could possibly use this to cause a denial of service. (CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
wavpack - 5.1.0-2ubuntu1.1
Ubuntu 17.10
wavpack - 5.1.0-2ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References