Cloud Foundry Logo
blog single gear
Blog
Security Advisory

USN-6558-1: audiofile vulnerabilities

by: April 4, 2024

USN-6558-1: audiofile vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04
  • Canonical Ubuntu 22.04

Description

It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-13440) It was discovered that audiofile could be made to write out of bounds. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-17095) It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2019-13147) It was discovered that audiofile could be made to leak memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to obtain sensitive information. (CVE-2022-24599) Update Instructions: Run `sudo pro fix USN-6558-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: audiofile-tools – 0.3.6-2ubuntu0.16.04.1+esm1 libaudiofile-dev – 0.3.6-2ubuntu0.16.04.1+esm1 libaudiofile1 – 0.3.6-2ubuntu0.16.04.1+esm1 Available with Ubuntu Pro: https://ubuntu.com/pro

CVEs contained in this USN include: CVE-2018-13440, CVE-2018-17095, CVE-2019-13147, CVE-2022-24599.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs4
    • All versions prior to 1.61.0
  • CF Deployment
    • All versions prior to 35.1.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs4
    • Upgrade all versions to 1.61.0 or greater
  • CF Deployment
    • Upgrade all versions to 35.1.0 or greater

History

2024-04-04: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CVE-2019-11271: Bosh Deployment logs leak sensitive information
Security Advisory

CVE-2019-11271: Bosh Deployment logs leak sensitive information

by Cloud Foundry Foundation Security Team June 17, 2019
USN-2983-1 Expat vulnerability
Security Advisory

USN-2983-1 Expat vulnerability

by Cloud Foundry Foundation Security Team June 13, 2016
USN-5631-1: libjpeg-turbo vulnerabilities
Security Advisory

USN-5631-1: libjpeg-turbo vulnerabilities

by Cloud Foundry Foundation Security Team September 29, 2022
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept