1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5356-1] sox security update

    From Moritz Muehlenhoff@21:1/5 to All on Mon Feb 20 20:20:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5356-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 20, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : sox
    CVE ID : CVE-2021-3643 CVE-2021-23159 CVE-2021-23172 CVE-2021-23210
    CVE-2021-33844 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 Debian Bug : 1010374 1012138 1012516 1021133 1021134 1021135

    Multiple security issues were discovered in Sox, the Swiss Army knife of
    sound processing programs, which could result in denial of service or potentially the execution of arbitrary code if a malformed audio file
    is processed.

    For the stable distribution (bullseye), these problems have been fixed in version 14.4.2+git20190427-2+deb11u1.

    We recommend that you upgrade your sox packages.

    For the detailed security status of sox please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/sox

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPzxOgACgkQEMKTtsN8 TjYaEhAAlz/kw36CztzPYWoje596qLuQKtTWW6AHLRvE1jOcum2ymDmEqePfjg+b HXQPGGhU8Fd6StyXFnqrCW7pvrhcIcQNYZfUqvTcmIlOTdumyZxpoIBaRIk7m68H MFd7o0Nc7/fJpHyAw4Oobn+kyZj1Tf3uoiHrqZS45RUG02jIIKV+7rkYxE7qIzHi HiS9IBIpeBGljQ4RyLZ+eyNNQuF+7X7Ep29aym6l2nsOSHkDZETvpHKj+4TrMPvZ QLQJ3hrbPoTIHQtsWWbDX8WD3NwXOBRCXwxIOlnXhjiFN5Toc7x0YB0mTdzmXYQ8 LWex4xDYtM/tJE4oipCV3/iD/c/d9Q3F0y1ielQeVuA6YEdTkLp1RoBUkMeWhXIy LoDjmOdzNIHPX/8EfPSup83Adwv7Py8g7ZbNWj/FRhUjtpP8j54TD8y3uHQkPmoN E6UXylMOkckcIO/RjrbNLCWhvtJ3xgTwWZCGurbkA4okVvXvOyS6h+A77OW5CkDq Xh3hRlsHjsvhjJc5J504r0r4fBulfkrnegoDJEzl9LvPIFtXmx6HZlkVuzMam30o 7neR5Rw2cPd8l0uMsJXevW6xBMB42eAUXd2bhmw7iXNUIOVxZaGMspgHxhI8dkSb GxmPtBNaUQqtcqSRTzSoKVqkD/rarnjUnMStvxeGd6X1PUU7qJw=
    =+n6U
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)