==========================================================================
Ubuntu Security Notice USN-4079-2
August 01, 2019

sox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS

Summary:

SoX could be made to crash if it received a specially crafted MP3 file.

Software Description:
– sox: Swiss army knife of sound processing

Details:

USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding
update for Ubuntu 18.04 LTS and Ubuntu 19.04.

Original advisory details:

It was discovered that SoX incorrectly handled certain MP3 files. An attacker
could possibly use this issue to cause a denial of service. (CVE-2019-8354,
CVE-2019-8355, CVE-2019-8356, CVE-2019-8357)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libsox3 14.4.2-3ubuntu0.19.04.1
sox 14.4.2-3ubuntu0.19.04.1

Ubuntu 18.04 LTS:
libsox3 14.4.2-3ubuntu0.18.04.1
sox 14.4.2-3ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4079-2
https://usn.ubuntu.com/4079-1
CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357

Package Information:
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.18.04.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl1DjUwACgkQkGeI6zGn
N/+MdA/8Clxz+yzWf934zIi/FJFA6E13yjG0KP9bxyYpRVR1VaJtzihLgffakF6O
zq7h2PUoyN+EN0MaWKQO9kAi7FSh5HFZQUbKRejHP/aTfCxF/V+wwLMN+IigFC4G
D+ShDEaq4plnI/+p0rwQGmIAwBcGNtq4GlCZ8/tGmp1ZsC2H/5dXwuVOSGBXgsTp
FMpMYke+fblzbrt7y3wilLPU9vH36NO47K4QYK8zxboY4RlJG3tvxvtRBqN1h/YH
hrh7fWFVWCz/xcPYdx3+NJEJ9+WDFEsr9trVvykvrrd42ivL6v/JOAmgsjisjCUq
sVqpg0eWMpeT9wiq0er7gC1+U5vNp4Za0JVdzc6L0AdpAgSS/ascCHy97q4juDn+
Zf8nebnlfpTTSdELKDORnsxQnuMNfRZeHRoLOeO9f0grvBxl3tXg00nMqPPoPlVL
WaQBKaRUhBSUuA+DR8nfk2+bc+TuvnyTS3ivWD4RtLCqalY04e+ktf162DY4F7Yc
I1fqWsGR/l7bTzLqF5N9+P5UYZAS0lHXzcC5G+qWfz3jE48Dy6o5bu3q/ze+djmT
cJqXNC4MnP8eZtmbptmHBxAuP0Rz4qdnzxm5c9N8p/UJhOh8O0c9L7mMRQpugJLS
X2kF+nbvnMkLE6LUU1wmhUnf4qjdXX/bemUA8U6vkfqbr8mlJZc=
=1FOu
—–END PGP SIGNATURE—–
—