Ubuntu Security Notice 4079-2 - USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
5ffe08fe87a127722df794d049e52f8a60387a6175169e17197ecd176757eafd
==========================================================================
Ubuntu Security Notice USN-4079-2
August 01, 2019
sox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
Summary:
SoX could be made to crash if it received a specially crafted MP3 file.
Software Description:
- sox: Swiss army knife of sound processing
Details:
USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding
update for Ubuntu 18.04 LTS and Ubuntu 19.04.
Original advisory details:
It was discovered that SoX incorrectly handled certain MP3 files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libsox3 14.4.2-3ubuntu0.19.04.1
sox 14.4.2-3ubuntu0.19.04.1
Ubuntu 18.04 LTS:
libsox3 14.4.2-3ubuntu0.18.04.1
sox 14.4.2-3ubuntu0.18.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4079-2
https://usn.ubuntu.com/4079-1
CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357
Package Information:
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.18.04.1