diff options
| author | Hugo Lefeuvre <hle@debian.org> | 2019-03-05 19:01:33 +0100 |
|---|---|---|
| committer | Hugo Lefeuvre <hle@owl.eu.com> | 2019-03-05 19:01:33 +0100 |
| commit | e93ca5fbfaed58a7d5dc6aef84b3b25a6d2651b6 (patch) | |
| tree | 9f3ecba5721884259258a58510ba217988f373c3 | |
| parent | c4a1c2bdc93f45db86669b5a8ce1e0f17a23954d (diff) | |
DLA-1705 advisory
| -rw-r--r-- | english/lts/security/2019/dla-1705.data | 10 | ||||
| -rw-r--r-- | english/lts/security/2019/dla-1705.wml | 51 |
2 files changed, 61 insertions, 0 deletions
diff --git a/english/lts/security/2019/dla-1705.data b/english/lts/security/2019/dla-1705.data new file mode 100644 index 00000000000..62a1b5e9538 --- /dev/null +++ b/english/lts/security/2019/dla-1705.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-1705-1 sox</define-tag> +<define-tag report_date>2019-03-05</define-tag> +<define-tag secrefs>CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15371 Bug#878809 Bug#870328</define-tag> +<define-tag packages>sox</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2019/dla-1705.wml b/english/lts/security/2019/dla-1705.wml new file mode 100644 index 00000000000..ec72f513a3e --- /dev/null +++ b/english/lts/security/2019/dla-1705.wml @@ -0,0 +1,51 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> +<p>Multiple vulnerabilities have been discovered in SoX (Sound eXchange), +a sound processing program:</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11332">CVE-2017-11332</a> + + <p>The startread function (wav.c) is affected by a divide-by-zero + vulnerability when processing WAV file with zero channel count. This + flaw might be leveraged by remote attackers using a crafted WAV file + to perform denial of service (application crash).</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11358">CVE-2017-11358</a> + + <p>The read_samples function (hcom.c) is affected by an invalid memory read + vulnerability when processing HCOM files with invalid dictionnaries. This + flaw might be leveraged by remote attackers using a crafted HCOM file to + perform denial of service (application crash).</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-11359">CVE-2017-11359</a> + + <p>The wavwritehdr function (wav.c) is affected by a divide-by-zero + vulnerability when processing WAV files with invalid channel count over + 16 bits. This flaw might be leveraged by remote attackers using a crafted + WAV file to perform denial of service (application crash).</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15371">CVE-2017-15371</a> + + <p>The sox_append_comment() function (formats.c) is vulnerable to a reachable + assertion when processing FLAC files with metadata declaring more comments + than provided. This flaw might be leveraged by remote attackers using + crafted FLAC data to perform denial of service (application crash).</p></li> + +</ul> + +<p>For Debian 8 <q>Jessie</q>, these problems have been fixed in version +14.4.1-5+deb8u3.</p> + +<p>We recommend that you upgrade your sox packages.</p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> + +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2019/dla-1705.data" +# $Id: $ |