Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5356-1] sox security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5356-1] sox security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5356-1] sox security update
  • Date: Mon, 20 Feb 2023 19:08:52 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/Y/PFRPGRXqeQ02Ys AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=6cqaIzkAgKY5kA6kGlXjX8IO27D3jRmYyg54/Y/y4Ok=; b=qx 01l//nm/cryXRpVwxLheQxUq0YoCtp1aCQwNKD5Yso6lslhPSK/E6/5b8NmlALM0Cy8cifH1EbXlK Axoa4+sv1wEQ9z/TXGx66n+WGW6XZej1+eatwaujzvnXvKyY9kwvLZRsqO+ub2UVzgvt/NNHk9pXW DBkgdEW6cKktZtVpMfJz/pC4herHF36MpOeFfKjJbrr7L7m+SysnRAyB81I7D4O9iuiAQVyQMD0Y9 290RbHDviUBTVEHBiZ7vw1Ni7RHone8vBMgU+r8uUyzUI2jxn7u3tjEhWbxUaiWYep6Lhl91kMtte J4HWpuFUPzKq2W25Td0kt3iSY9gaP2/g==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 20 Feb 2023 19:09:18 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <SEKD9YWmW4J.A.tK.eV88jB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5356-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 20, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sox
CVE ID : CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210
CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651
Debian Bug : 1010374 1012138 1012516 1021133 1021134 1021135

Multiple security issues were discovered in Sox, the Swiss Army knife of
sound processing programs, which could result in denial of service or
potentially the execution of arbitrary code if a malformed audio file
is processed.

For the stable distribution (bullseye), these problems have been fixed in
version 14.4.2+git20190427-2+deb11u1.

We recommend that you upgrade your sox packages.

For the detailed security status of sox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sox

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPzxOgACgkQEMKTtsN8
TjYaEhAAlz/kw36CztzPYWoje596qLuQKtTWW6AHLRvE1jOcum2ymDmEqePfjg+b
HXQPGGhU8Fd6StyXFnqrCW7pvrhcIcQNYZfUqvTcmIlOTdumyZxpoIBaRIk7m68H
MFd7o0Nc7/fJpHyAw4Oobn+kyZj1Tf3uoiHrqZS45RUG02jIIKV+7rkYxE7qIzHi
HiS9IBIpeBGljQ4RyLZ+eyNNQuF+7X7Ep29aym6l2nsOSHkDZETvpHKj+4TrMPvZ
QLQJ3hrbPoTIHQtsWWbDX8WD3NwXOBRCXwxIOlnXhjiFN5Toc7x0YB0mTdzmXYQ8
LWex4xDYtM/tJE4oipCV3/iD/c/d9Q3F0y1ielQeVuA6YEdTkLp1RoBUkMeWhXIy
LoDjmOdzNIHPX/8EfPSup83Adwv7Py8g7ZbNWj/FRhUjtpP8j54TD8y3uHQkPmoN
E6UXylMOkckcIO/RjrbNLCWhvtJ3xgTwWZCGurbkA4okVvXvOyS6h+A77OW5CkDq
Xh3hRlsHjsvhjJc5J504r0r4fBulfkrnegoDJEzl9LvPIFtXmx6HZlkVuzMam30o
7neR5Rw2cPd8l0uMsJXevW6xBMB42eAUXd2bhmw7iXNUIOVxZaGMspgHxhI8dkSb
GxmPtBNaUQqtcqSRTzSoKVqkD/rarnjUnMStvxeGd6X1PUU7qJw=
=+n6U
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5356-1] sox security update, Moritz Muehlenhoff, 20.02.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang