Security Advisory

USN-2787-1 audiofile vulnerability

Severity

Medium

Vendor

audiofile

Versions Affected

  • Ubuntu 14.04

Description

Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code.

The Cloud Foundry project released a new Cloud Foundry rootfs, cflinuxfs2 v.1.14.0, which includes the patch.

Affected Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.19.0.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.14.0 or later.

Credit

Fabrizio Gennari

Cloud Foundry Foundation Security Team, AUTHOR