UbuntuUpdates.org

Package "audiofile"

Name: audiofile

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Open-source version of SGI's audiofile library (debug)
  • Open-source version of SGI's audiofile library (header files)
  • Open-source version of SGI's audiofile library

Latest version: 0.3.3-2ubuntu0.3
Release: precise (12.04)
Level: security
Repository: main

Other versions of "audiofile" in Precise

Repository  Area      Version
base        main      0.3.3-2
base        universe  0.3.3-2
security    universe  0.3.3-2ubuntu0.3
updates     universe  0.3.3-2ubuntu0.3
updates     main      0.3.3-2ubuntu0.3

Changelog

Version: 0.3.3-2ubuntu0.3 2017-03-22 16:06:51 UTC

  audiofile (0.3.3-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches backported from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839
  * debian/patches/sfconvert_error_handling.patch: improve sfconvert error
    handling so we can test the reproducers.

 -- Marc Deslauriers <email address hidden> Wed, 22 Mar 2017 10:39:00 -0400

1674005 audiofile: Multiple security issues from March 2017
CVE-2017-6827 Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.
CVE-2017-6828 Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote att
CVE-2017-6829 The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a c
CVE-2017-6830 Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6831 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6832 Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
CVE-2017-6833 The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
CVE-2017-6834 Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6835 The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of s
CVE-2017-6836 Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 a
CVE-2017-6837 WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large numb
CVE-2017-6838 Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) v
CVE-2017-6839 Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via

Version: 0.3.3-2ubuntu0.1 2015-10-28 20:06:34 UTC

  audiofile (0.3.3-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow when changing both sample format and
    number of channels (LP: #1502721)
    - debian/patches/CVE-2015-7747.patch: don't corrupt files in
      libaudiofile/modules/ModuleState.cpp, added test to test/Makefile.am,
      test/sixteen-stereo-to-eight-mono.c.
    - CVE-2015-7747

 -- Marc Deslauriers Tue, 20 Oct 2015 08:57:52 -0400

1502721 When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow
CVE-2015-7747 When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow


