Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0773
audiofile vulnerabilities
23 March 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: audiofile
Publisher: Ubuntu
Operating System: Ubuntu
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-6839 CVE-2017-6838 CVE-2017-6837
CVE-2017-6836 CVE-2017-6835 CVE-2017-6834
CVE-2017-6833 CVE-2017-6832 CVE-2017-6831
CVE-2017-6830 CVE-2017-6829 CVE-2017-6828
CVE-2017-6827
Reference: ESB-2017.0764
Original Bulletin:
http://www.ubuntu.com/usn/usn-3241-1
- --------------------------BEGIN INCLUDED TEXT--------------------
==========================================================================
Ubuntu Security Notice USN-3241-1
March 22, 2017
audiofile vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- - Ubuntu 14.04 LTS
- - Ubuntu 12.04 LTS
Summary:
audiofile could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- - audiofile: Open-source version of the SGI audiofile library
Details:
Agostino Sarubbo discovered that audiofile incorrectly handled certain
malformed audio files. If a user or automated system were tricked into
processing a specially crafted audio file, a remote attacker could cause
applications linked against audiofile to crash, leading to a denial of
service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libaudiofile1 0.3.6-2ubuntu0.14.04.2
Ubuntu 12.04 LTS:
libaudiofile1 0.3.3-2ubuntu0.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3241-1
CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
CVE-2017-6839
Package Information:
https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.2
https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.3
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWNMrCYx+lLeg9Ub1AQhzJQ//Sbx96G08w3k4uuQEZz9H6J6WCo3cVW4t
hdEjVV8x5PM3tay3/u3XVs62ISeSSiJbPaaC6J/GeYakz42OSUD2ViHiEko6bZvM
9fM2dVioZXPgVQrtPaJaPzbNziaagMR5l1b1imVkZUBjDV/dkdhiVdvwz9yd4yOq
o9L/Bt0E9wb9FkRS0Cdr3YRDHuk2oEf5amAZPM6q8Rt3yYRJQO05yKdJNYEKw4lM
31MB2OwZNX7dD/ffQ7Ts6yRpr7fvZBswabrHNazb0rggjMojd9akscRB5ZdBCxEd
LxmwBVK8lnqey7E4pDBNS83Lbn0A04VuzfS7uYDOkGsgvHM+Mzh/VNWQ4pG2ZuC9
tRIaMKUnuEizLsVAUBC+QYDe9TP/+eAbJ2OF6USKbISiGv6Q7AeIGPYZ9EDg5Obw
Xu3rt4b2pjiwvTaJFRjacE+v+g0ilK1miG/QIyR/cmdf06rKK9q0F2O19Kc8B3N7
BEj/LlpXVH+q1ZBPhcfUt6Zf3Nx+E6bJwFTrmYs/raevgb2v70WbyCa4wu0Y/sFq
qlG4ExBmhgen5zSVl5NdKGDISO5bMkCCjT0WUrxIvBBSRBXE2q6JSyZBykSM8aPP
1NMC9iGZBUrOaK48sDYrDwj4rfvJfAXN+DqiU9a0+YwNau7IOdOfaKiL4IZ8A4qi
z3fjvF6bs6I=
=rU0r
-----END PGP SIGNATURE-----