UbuntuUpdates.org

Package "audiofile"

Name: audiofile

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • sfinfo and sfconvert tools
  • Open-source version of SGI's audiofile library (debug)
  • Open-source version of SGI's audiofile library (header files)
  • Open-source version of SGI's audiofile library
Latest version: 0.3.6-2ubuntu0.16.04.1
Release: xenial (16.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "audiofile" in Xenial

Repository Area Version
base universe 0.3.6-2ubuntu0.15.10.1
security universe 0.3.6-2ubuntu0.16.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.3.6-2ubuntu0.16.04.1 2017-03-22 18:07:00 UTC

  audiofile (0.3.6-2ubuntu0.16.04.1) xenial-security; urgency=high

  * SECURITY UPDATE: multiple vulnerabilities (LP: #1674005)
    - Apply patches from Debian 0.3.6-4:
      + 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
      + 05_Always-check-the-number-of-coefficients.patch
      + 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
      + 07_Check-for-multiplication-overflow-in-sfconvert.patch
      + 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
      + 09_Actually-fail-when-error-occurs-in-parseFormat.patch
      + 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
    - CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830,
      CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834,
      CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838,
      CVE-2017-6839

 -- Jeremy Bicha <email address hidden> Thu, 16 Mar 2017 21:43:45 +0100
1674005 audiofile: Multiple security issues from March 2017
CVE-2017-6827 Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.
CVE-2017-6828 Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote att
CVE-2017-6829 The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a c
CVE-2017-6830 Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6831 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6832 Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
CVE-2017-6833 The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of
CVE-2017-6834 Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
CVE-2017-6835 The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of s
CVE-2017-6836 Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 a
CVE-2017-6837 WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large numb
CVE-2017-6838 Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) v
CVE-2017-6839 Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via


About   -   Send Feedback to @ubuntu_updates