Tuesday, February 25, 2025

[USN-7267-2] libsndfile vulnerability

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAme9yFcFAwAAAAAACgkQa1+PL+d1/Eje
UgwAp/iBIQTX+GCMkPxGWAbSeUEw1O5YxVEL9tFVHmlIeIi0DiW0vhpyOTGmoF2j18gW9gEwRvP4
En/y2gu8ft1XXJ9cQX9icNS9Phay9/vZa9ohCFVQBGX9CrYK2VsatBb3G2Rfdr+4T6qSsqqwNLlU
1VGgeyNC0g5lizRwo/+1jENpSmRoohwsjTyhWQfksfoiEy406pTkurC5nVZgZSvwlOZmu/2CdsnB
Std5yRgx/x6bH4c0DT5NS7DT85xdOhrzKC2POCLjrKIrNGKq24lVLR4XCGiJJrC01mO4g12oundj
WkEAlPQi6yQYytPd5gwcj5gqtScDaknPGyieRf+6djt0V4Re7Nf/XQINls98wxjUgQ5P60Q7JJH8
58o81PNr6TBbzBdlvc9TeFD2MQ7oqQ4MCjF8XGTGk/vb5uZuhVJTYDZSE+pd2qRUAbAjOsMmiLMC
yc8D8zmvhGq4H96t+iaSeyduagZslDmEmolJ/AFyZjDH2NndEKgfNSudFGx0
=yKha
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7267-2
February 25, 2025

libsndfile vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

libsndfile could be made to crash if it opened a specially crafted file.

Software Description:
- libsndfile: Library for reading/writing audio files

Details:

USN-7267-1 fixed a vulnerability in libsndfile. This update provides
the corresponding updates for Ubuntu 24.04 LTS and Ubuntu 24.10.

Original advisory details:

 It was discovered that libsndfile incorrectly handled certain malformed
 OggVorbis files. An attacker could possibly use this issue to cause
 libsndfile to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libsndfile1                     1.2.2-1ubuntu5.24.10.1
  sndfile-programs                1.2.2-1ubuntu5.24.10.1

Ubuntu 24.04 LTS
  libsndfile1                     1.2.2-1ubuntu5.24.04.1
  sndfile-programs                1.2.2-1ubuntu5.24.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7267-2
  https://ubuntu.com/security/notices/USN-7267-1
  CVE-2024-50612

Package Information:
https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ubuntu5.24.10.1
https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ubuntu5.24.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)