-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3058-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 26, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libsndfile Version : 1.0.27-3+deb9u3 CVE ID : CVE-2017-12562 CVE-2021-4156 Two issues have been found in libsndfile, a library for reading/writing audio files. CVE-2017-12562 Due to a possible heap buffer overflow attack in an attacker could cause a remote denial of service attack by tricking the function into outputting a largeamount of data. CVE-2021-4156 Using a crafted FLAC file, an attacker could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information. For Debian 9 stretch, these problems have been fixed in version 1.0.27-3+deb9u3. We recommend that you upgrade your libsndfile packages. For the detailed security status of libsndfile please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libsndfile Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmK7W7xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeC0xAAtkLIBSzpZUxr6ZyRmQqRqRlofjjYLQWgR+P/MVoY2FqT0Wgu9m1QKUi9 2X/UK4NMLVLfskdTsqqXHv1nrUj5e/lDlGCLYjeVvdAWTbALTndsr0e7Z75ojaLU YJ/5ecRn0I/GTU/N+HCQk09oxu/F1/9fK6I6jQnRQQrb1oOtUl84zuudKR0NHsHT J4WeBqZbhcIXdAyyuZ94xPF/K97O+Aokqoth+ycp7CjZvS9mQSsSpnqDMrW77xnE nv4DoPK80L/Oe6B0++xiZxUcq9DDxJ8zeTqUvwktKdzxH9qvKcrh7mVgYMOiBKTF YHtXiqbMsyz83A6nj5SFTZX5E/piQYocTPPMeuK2jA0cPE7MzLhxTVvYfmbk8LtY 59CQbPBHbr7bYzm1q1Qgwl0HleMeHkmzz65y02x4TCVnMLukQZrrBmF4iAAtmT3+ f/IDPg+nidzNFsD1BSRg/vYxAK5RxJeMsrkroEBY7pNO4GYAaRWF7DV33wwLhBwV 4GD9LsbVSVMO5CwItRfhkAv2TER0X2JmKQ/LYdUXACYDtvCoRDUgQDdnauf9y8M/ okb+syuIek+z2klRWnTIJZhWAcbw5PPLUNG5OG3AkFoUsgU1A10za30LJd4ch8e6 egIsuneiprCztxRQL8CEgWqCCwgbWfGeDJm9utDACQBfDsIkDtw= =NXPH -----END PGP SIGNATURE-----
