Debian alert DLA-1049-1 (libsndfile)
| From: | Chris Lamb <lamby@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1049-1] libsndfile security update | |
| Date: | Mon, 07 Aug 2017 08:29:17 -0400 | |
| Message-ID: | <1502108957.3093931.1065524504.71B0C8D0@webmail.messagingengine.com> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libsndfile Version : 1.0.25-9.1+deb7u4 CVE ID : CVE-2017-12562 Debian Bug : #869166 It was discovered that there was a heap buffer overflow attack in libsndfile, a library for reading/writing audio files. An attacker could cause a remote denial of service attack by tricking the function into outputting a large amount of data. For Debian 7 "Wheezy", this issue has been fixed in libsndfile version 1.0.25-9.1+deb7u4. We recommend that you upgrade your libsndfile packages. Regards, - -- ,''`. : :' : Chris Lamb, Debian Project Leader `. `'` lamby@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmIXQYACgkQHpU+J9Qx HljHoA/9GbDPSfYQdHt4ely6z6CwEwpM0giq+ixPecIlQxq9qVsPxBkbz2DEmEIT K4ZqR5zCG8G8Scx+G4XBOv4pYe2rTDMV1OlVORSMd3Cg2QOpHXJU8xD3YB9cyLzq TDJH3KdlBbdIxA8aWjZcsZ3ok+DF5WqOa57LXehNpXg0fg/aPqqG2YyzCqsPB10L V6tsfAaIJZx9frKc5y0S6GvGZCVJVpl6ml8i/SyT5oS8HOVap8qVkHw2CgUZZCwq Q2+fNsbPC1Lq2nsytG4qAsfcQmc/3jv3XeojVIyYOstMvmxcm1fB+Xu2SkF3JUIt 0XPi50Ach6gL2SGaRjm2KtY9rfoJqqzSkrHm8EYM3Upclg5AK0gnaLKLL7XmAQb+ jMmKOmVgY2/OPsJMMLyMKXdnAdiQfDRmQTF/WEZHPo8kKKDcVuYbHvI1nPZxRROd JXQAsqLpoGjvvD0Po2z8O/1efTzWLEnSHOeNaTZtipqG/0EyPBb/6w0LNOyffj9x SbhOIahM8TT2mZTvDGwMP+VMrH4GYBDyNw9Yee5OqvOn7vO7estoSKEBZQrgAtBR WE3O68arn+hMPEEKHPV/GR/KjJR0Ep8P86EsqC/VjGkBb5RAENxttjhPsWrNYo+g GNASXgNjHPRiRYE/w9kuDdeHUwPf5mt9TWv16JIUemEOuassSR0= =bAx9 -----END PGP SIGNATURE-----