<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="gmail_quote">==============================<wbr>==============================<wbr>==============<br>
Ubuntu Security Notice USN-5904-1<br>
March 02, 2023<br>
<br>
sox vulnerabilities<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 22.10<br>
- Ubuntu 22.04 LTS<br>
- Ubuntu 20.04 LTS<br>
- Ubuntu 18.04 LTS<br>
- Ubuntu 16.04 ESM<br>
- Ubuntu 14.04 ESM<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in SoX.<br>
<br>
Software Description:<br>
- sox: Swiss army knife of sound processing<br>
<br>
Details:<br>
<br>
Helmut Grohne discovered that SoX incorrectly handled certain
inputs. If a<br>
user or an automated system were tricked into opening a specially
crafted<br>
input file, a remote attacker could possibly use this issue to
cause a<br>
denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS,<br>
and Ubuntu 18.04 LTS. (CVE-2019-13590)<br>
<br>
Helmut Grohne discovered that SoX incorrectly handled certain
inputs. If a<br>
user or an automated system were tricked into opening a specially
crafted<br>
input file, a remote attacker could possibly use this issue to
cause a<br>
denial of service. (CVE-2021-23159, CVE-2021-23172,
CVE-2021-23210,<br>
CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and<br>
CVE-2022-31651)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 22.10:<br>
libsox3 14.4.2+git20190427-3ubuntu0.1<br>
sox 14.4.2+git20190427-3ubuntu0.1<br>
<br>
Ubuntu 22.04 LTS:<br>
libsox3 14.4.2+git20190427-2+deb11u1b<wbr>uild0.22.04.1<br>
sox 14.4.2+git20190427-2+deb11u1b<wbr>uild0.22.04.1<br>
<br>
Ubuntu 20.04 LTS:<br>
libsox3 14.4.2+git20190427-2+deb11u1b<wbr>uild0.20.04.1<br>
sox 14.4.2+git20190427-2+deb11u1b<wbr>uild0.20.04.1<br>
<br>
Ubuntu 18.04 LTS:<br>
libsox3 14.4.2-3ubuntu0.18.04.2<br>
sox 14.4.2-3ubuntu0.18.04.2<br>
<br>
Ubuntu 16.04 ESM:<br>
libsox2 14.4.1-5+deb8u4ubuntu0.1+esm1<br>
sox 14.4.1-5+deb8u4ubuntu0.1+esm1<br>
<br>
Ubuntu 14.04 ESM:<br>
libsox2 14.4.1-3ubuntu1.1+esm2<br>
sox 14.4.1-3ubuntu1.1+esm2<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<span> </span><a
href="https://ubuntu.com/security/notices/USN-5904-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5904-1&source=gmail&ust=1677844026768000&usg=AOvVaw3iRCdH3EqE54ZsORan7lqm"
style="color: rgb(17, 85, 204);">https://ubuntu.com/security/no<wbr>tices/USN-5904-1</a><br>
CVE-2019-13590, CVE-2021-23159, CVE-2021-23172, CVE-2021-23210,<br>
CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650,<br>
CVE-2022-31651<br>
<br>
Package Information:<br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/sox/14.4.2+git20190427-3ubuntu0.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/sox/14.4.2%2Bgit20190427-3ubuntu0.1&source=gmail&ust=1677844026768000&usg=AOvVaw3od0SZwEkALer8K7qypp5b"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/sox/14.4.2+git20190427-<wbr>3ubuntu0.1</a><br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/sox/14.4.2+git20190427-2+deb11u1build0.22.04.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/sox/14.4.2%2Bgit20190427-2%2Bdeb11u1build0.22.04.1&source=gmail&ust=1677844026768000&usg=AOvVaw0jfjMuchs73drtD1XiWm5N"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/sox/14.4.2+git20190427-<wbr>2+deb11u1build0.22.04.1</a><br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/sox/14.4.2+git20190427-2+deb11u1build0.20.04.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/sox/14.4.2%2Bgit20190427-2%2Bdeb11u1build0.20.04.1&source=gmail&ust=1677844026768000&usg=AOvVaw3oDvfMXVpUL7N8Dafwp2rR"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/sox/14.4.2+git20190427-<wbr>2+deb11u1build0.20.04.1</a><br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/sox/14.4.2-3ubuntu0.18.04.2"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/sox/14.4.2-3ubuntu0.18.04.2&source=gmail&ust=1677844026768000&usg=AOvVaw2lNoRCjaRTmPiHnpNBM9b1"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/sox/14.4.2-3ubuntu0.18.<wbr>04.2</a><br>
</div>
<br clear="all">
<div><br style="color: rgb(34, 34, 34); font-family: Arial,
Helvetica, sans-serif; font-size: small; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); text-decoration-thickness: initial; text-decoration-style:
initial; text-decoration-color: initial;">
<br>
</div>
<p></p>
</body>
</html>