-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-1972-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch January 17, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : audiofile Vulnerability : buffer overflow Problem type : local (remote) Debian-specific: no CVE Id : CVE-2008-5824 Debian bug : 510205 Max Kellermann discovered a heap-based buffer overflow in the handling of ADPCM WAV files in libaudiofile. This flaw could result in a denial of service (application crash) or possibly execution of arbitrary code via a crafted WAV file. The old stable distribution (etch), this problem will be fixed in version 0.2.6-6+etch1. The packages for the oldtable distribution are not included in this advisory. An update will be released soon. For the stable distribution (lenny), this problem has been fixed in version 0.2.6-7+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.2.6-7.1. We recommend that you upgrade your audiofile packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6.orig.tar.gz Size/MD5 checksum: 374688 9c1049876cd51c0f1b12c2886cce4d42 http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6-7+lenny1.dsc Size/MD5 checksum: 1048 ba1535425e02719cb32aaed448b9e615 http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6-7+lenny1.diff.gz Size/MD5 checksum: 300816 57eece898416b8ecf3aa5dac27f2c4fc alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_alpha.deb Size/MD5 checksum: 158224 c1579697bbb721374da6451aa12a2030 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_alpha.deb Size/MD5 checksum: 90028 01aa1e7a90c361cdd95f289f4d2b554d http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_alpha.deb Size/MD5 checksum: 167796 34be04955f6912507db6855eb51fa3cf amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_amd64.deb Size/MD5 checksum: 83988 1f3b65530a04afb05e077ff7ed72d331 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_amd64.deb Size/MD5 checksum: 169514 94248270333cdf6278dc7b27d3af01d7 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_amd64.deb Size/MD5 checksum: 130610 a5ba3174a86f15a11f8922ed892f9bec arm architecture (ARM) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_arm.deb Size/MD5 checksum: 74696 f3aa521f8ed711b4a2fd3ff14a3bba32 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_arm.deb Size/MD5 checksum: 164142 a87e3ac1f10e120bf8451aac693036ad http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_arm.deb Size/MD5 checksum: 116354 20bccdc0014746f3b07c7b19acbef513 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_armel.deb Size/MD5 checksum: 77702 0effe95d77f86d22aed53a9a93012d2b http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_armel.deb Size/MD5 checksum: 121328 52f253d4bbf24883ca3dd83a7d9e0686 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_armel.deb Size/MD5 checksum: 166310 7f5222c459b8964c6551746641b9e385 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_hppa.deb Size/MD5 checksum: 135830 8ad815e277bf74a7a231fd3577d1ecbb http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_hppa.deb Size/MD5 checksum: 87580 83007039c0d0aa96508027c58d44956d http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_hppa.deb Size/MD5 checksum: 166476 4ea9d29c71058ed703baeb407ebf74ef i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_i386.deb Size/MD5 checksum: 164582 7c84007f5260c1b9ce714d9e090b649c http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_i386.deb Size/MD5 checksum: 118288 99ca6cf504847281ffee6095d6c56df9 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_i386.deb Size/MD5 checksum: 77984 eaa5796ba0a90db7d759719ea46e3ea7 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_ia64.deb Size/MD5 checksum: 171436 87e839b3f36d8374d46dd8cc46cfdf02 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_ia64.deb Size/MD5 checksum: 160876 0a1fca9b908b5626c488befbf17951cd http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_ia64.deb Size/MD5 checksum: 114662 fcb0924085a99cb1f5fb7352cb7c4cfe mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_mips.deb Size/MD5 checksum: 77652 cf4fdc50fb0c27d2d01ea62a00e419ae http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_mips.deb Size/MD5 checksum: 136234 a99b4802eac588c1a4204b4cb51ee750 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_mips.deb Size/MD5 checksum: 170994 e1579208d48d6eed6d5b4ee78f633c25 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_mipsel.deb Size/MD5 checksum: 77354 9956348cc10198f72e01ef2de9fefb3c http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_mipsel.deb Size/MD5 checksum: 169408 e442c1e3761d6417f8619b67f100d0ac http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_mipsel.deb Size/MD5 checksum: 136282 4aa8e92fdf213266c6a00815d2ee1326 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_powerpc.deb Size/MD5 checksum: 168454 57af4df319a43b6bbe3f26da61b6996c http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_powerpc.deb Size/MD5 checksum: 131276 481f73af6d5b0532d830889a2d0e17b7 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_powerpc.deb Size/MD5 checksum: 82444 94db16051730d9c914d3cb1cb8eb983b s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_s390.deb Size/MD5 checksum: 126500 aaa163e9465ea8781f6af4ca7c9d2ee1 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_s390.deb Size/MD5 checksum: 83506 1d9f7379d796d06ca3e18027039fab42 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_s390.deb Size/MD5 checksum: 169568 9e4273791c4237c68fa2e70251d6cf93 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_sparc.deb Size/MD5 checksum: 117968 ec723b26f1cca8f967695d0701d5defb http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_sparc.deb Size/MD5 checksum: 154992 581562d68231ccef4ea31a33c3efcf93 http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_sparc.deb Size/MD5 checksum: 74984 b8b65cf6dc6d7c2947c4049aa27d44ca These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLUtmzbxelr8HyTqQRAkJwAKCeQxQPQHSTBQTYt28fGBuQc3isBgCfXvPg D0nWskyEDwZ34JBBpZV21Fo= =2bKJ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/