  • [SECURITY] [DSA-1972-1] New audiofile packages fix buffer overflow (1/2

    From Stefan Fritsch@1:229/2 to All on Sun Jan 17 10:40:01 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-1972-1                  [email protected]
    http://www.debian.org/security/                           Stefan Fritsch
    January 17, 2010                      http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : audiofile
    Vulnerability : buffer overflow
    Problem type : local (remote)
    Debian-specific: no
    CVE Id : CVE-2008-5824
    Debian bug : 510205

    Max Kellermann discovered a heap-based buffer overflow in the handling
    of ADPCM WAV files in libaudiofile. This flaw could result in a denial
    of service (application crash) or possibly execution of arbitrary code
    via a crafted WAV file.

    For the old stable distribution (etch), this problem will be fixed in
    version 0.2.6-6+etch1.

    The packages for the oldstable distribution are not included in this
    advisory. An update will be released soon.

    For the stable distribution (lenny), this problem has been fixed in
    version 0.2.6-7+lenny1.

    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 0.2.6-7.1.

    We recommend that you upgrade your audiofile packages.

    Upgrade instructions
    - --------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny (stable)
    - -----------------------------------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
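
Added example (not part of the advisory or of Debian's tooling): a stand-alone Python check that compares an installed audiofile version against the fixed versions the advisory states, following Debian's version ordering rules. The function names and the `FIXED` table are assumptions made for this example.

```python
import re

# Fixed versions as stated in DSA-1972-1 (the etch fix was still pending).
FIXED = {"etch": "0.2.6-6+etch1", "lenny": "0.2.6-7+lenny1",
         "squeeze": "0.2.6-7.1", "sid": "0.2.6-7.1"}

def _order(ch):
    # '~' sorts before everything (even end of string); letters before symbols.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string as alternating text/number runs."""
    while a or b:
        # Non-digit run, one character at a time; digits and end of string weigh 0.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            x = _order(a[0]) if a and not a[0].isdigit() else 0
            y = _order(b[0]) if b and not b[0].isdigit() else 0
            if x != y:
                return -1 if x < y else 1
            a, b = a[1:], b[1:]
        # Digit run, compared numerically; a missing number counts as 0.
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision
    # starts after the last '-'.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(release, installed):
    """True if the installed version is at or above the advisory's fixed version."""
    return deb_cmp(installed, FIXED[release]) >= 0
```

Note that `0.2.6-7` sorts below `0.2.6-7+lenny1`, so a lenny host still on the original package is reported as unpatched.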