USN-2787-1 audiofile vulnerability
Severity
Medium
Vendor
audiofile
Versions Affected
- Ubuntu 14.04
Description
Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code.
The Cloud Foundry project released a new Cloud Foundry rootfs, cflinuxfs2 v.1.14.0, which includes the patch.
Pivotal is releasing an updated version of Pivotal Cloud Foundry Elastic Runtime which references this patched CF rootfs.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to v.1.19.0.
- Pivotal Cloud Foundry Elastic Runtime pre-1.6.5 versions.
Mitigation
Users of affected versions should apply the following mitigations:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.14.0 or later.
- Pivotal recommends that customers upgrade to version 1.6.5 or later of Pivotal Cloud Foundry Elastic Runtime.
Credit
Fabrizio Gennari