Ubuntu Security Notice 3569-1 - It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service.
7637d44087725a3233537de489217a990a2f1060c897ef61c57f51e0fb5a5d60
==========================================================================
Ubuntu Security Notice USN-3569-1
February 13, 2018
libvorbis vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libvorbis.
Software Description:
- libvorbis: The Vorbis General Audio Compression Codec
Details:
It was discovered that libvorbis incorrectly handled certain sound
files. An attacker could possibly use this to execute arbitrary code.
(CVE-2017-14632)
It was discovered that libvorbis incorrectly handled certain sound
files. An attacker could use this to cause a denial of service.
(CVE-2017-14633)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libvorbis0a 1.3.5-4ubuntu0.1
Ubuntu 16.04 LTS:
libvorbis0a 1.3.5-3ubuntu0.1
Ubuntu 14.04 LTS:
libvorbis0a 1.3.2-1.3ubuntu1.1
After a standard system upgrade you need to restart any applications
that
use libvorbis, such as Totem and gtkpod, to effect the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3569-1
CVE-2017-14632, CVE-2017-14633
Package Information:
https://launchpad.net/ubuntu/+source/libvorbis/1.3.5-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libvorbis/1.3.5-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libvorbis/1.3.2-1.3ubuntu1.1