UbuntuUpdates.org

Package "libsndfile"

Name: libsndfile

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Sample programs that use libsndfile
  • debugging symbols for sndfile-programs

Latest version: 1.0.25-7ubuntu2.2
Release: trusty (14.04)
Level: updates
Repository: universe

Other versions of "libsndfile" in Trusty

Repository Area Version
security main 1.0.25-7ubuntu2.2
security universe 1.0.25-7ubuntu2.2
updates main 1.0.25-7ubuntu2.2

Changelog

Version: 1.0.25-7ubuntu2.2 2017-06-01 15:06:43 UTC

  libsndfile (1.0.25-7ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      1.0.25-9.1+deb7u2 release. Thanks!
    - CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742,
      CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365

 -- Marc Deslauriers Wed, 31 May 2017 09:42:28 -0400

CVE-2017-7585 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a spe
CVE-2017-7586 In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffe
CVE-2017-7741 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write me
CVE-2017-7742 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read mem
CVE-2017-8361 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application cr
CVE-2017-8362 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash
CVE-2017-8363 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and ap
CVE-2017-8365 The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash)

Version: 1.0.25-7ubuntu2.1 2015-12-07 20:06:30 UTC

  libsndfile (1.0.25-7ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2014-9496.patch: check map offset and rsrc marker
      in src/sd2.c.
    - CVE-2014-9496
  * SECURITY UPDATE: denial of service via division-by-zero
    - debian/patches/CVE-2014-9756.patch: check bytes and items in
      src/file_io.c.
    - CVE-2014-9756
  * SECURITY UPDATE: heap overflow via AIFF file headindex value
    - debian/patches/CVE-2015-7805.patch: use headend in src/common.c.
    - CVE-2015-7805

 -- Marc Deslauriers Mon, 07 Dec 2015 10:01:39 -0500

CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rs
CVE-2014-9756 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via uns
CVE-2015-7805 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF f