Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-912-1: Audio File Library vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-912-1: Audio File Library vulnerability
# 1  
Old 03-16-2010
USN-912-1: Audio File Library vulnerability
Referenced CVEs:
CVE-2008-5824


Description:
=========================================================== Ubuntu Security Notice USN-912-1 March 16, 2010 audiofile vulnerability CVE-2008-5824 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libaudiofile0 0.2.6-6ubuntu1.1 Ubuntu 8.04 LTS: libaudiofile0 0.2.6-7ubuntu1.8.04.1 Ubuntu 8.10: libaudiofile0 0.2.6-7ubuntu1.8.10.1 Ubuntu 9.04: libaudiofile0 0.2.6-7ubuntu1.9.04.1 Ubuntu 9.10: libaudiofile0 0.2.6-7ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

sfconvert

SFCONVERT(1)							 Debian GNU/Linux						      SFCONVERT(1)

NAME

       sfconvert - convert between various audio formats

SYNOPSIS

       sfconvert infile outfile [ options ... ] [ output keywords ... ]

DESCRIPTION

       The  sfconvert  tool can be used to convert audio files from one audio format to another.  The files' audio formats have to be supported by
       libaudiofile.

OPTIONS

       The following keywords specify the format of the output sound file:

       byteorder e
	      Desired endianness of output sample data. e may be one of big or little.

       channels n
	      Number of output channels. n is 1 for mono, and 2 for stereo files.

       format f
	      Audio format of output file. f has to be one of the currently supported formats: aiff (Audio Interchange File Format), aifc  (AIFF-C
	      File  Format),  next (NeXT/Sun Format), wave (MS RIFF WAVE Format), bicsf (Berkeley/IRCAM/CARL Sound File Format), avr (Audio Visual
	      Research File Format), iff (Amiga IFF/8SVX Sound File Format), or nist (NIST SPHERE File Format).

       integer n s
	      Produce integer samples. n specifies the width of individual samples in bits, s yields the encoding and may be one  of  2scomp  (2's
	      complement signed data), or unsigned (unsigned data). The integer and float options (see below) are mutually exclusive.

       float m
	      Produce  floating point samples with a maximum amplitude of m (usually 1.0). This options may not be used together with option inte-
	      ger.

SEE ALSO

       sfinfo(1).

AUTHOR

       sfconvert was written by Michael Pruett <michael@68k.org>.

       This manual page was written by Daniel Kobras <kobras@debian.org> for the Debian GNU/Linux system (but may be used by others).  It is based
       on the sfconvert plain text documentation as distributed with audiofile.

Debian Project							    March 2001							      SFCONVERT(1)