USN-912-1: Audio File Library vulnerability

16 March 2010

audiofile vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Software Description

  • audiofile

Details

It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
libaudiofile0 - 0.2.6-7ubuntu2.1
Ubuntu 9.04
libaudiofile0 - 0.2.6-7ubuntu1.9.04.1
Ubuntu 8.10
libaudiofile0 - 0.2.6-7ubuntu1.8.10.1
Ubuntu 8.04 LTS
libaudiofile0 - 0.2.6-7ubuntu1.8.04.1
Ubuntu 6.06 LTS
libaudiofile0 - 0.2.6-6ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References