Red Hat Customer Portal

Skip to main content

Security Advisory sox security update

Advisory: RHSA-2004:409-05
Type: Security Advisory
Severity: Important
Issued on: 2004-07-29
Last updated on: 2004-07-29
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0557

Details

Updated sox packages that fix buffer overflows in the WAV file handling
code are now available.

SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple sound
manipulation functions, including sound effects.

Buffer overflows existed in the parsing of WAV file header fields. It was
possible that a malicious WAV file could have caused arbitrary code to be
executed when the file was played or converted. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0557
to these issues.

All users of sox should upgrade to these updated packages, which resolve
these issues as well as fix a number of minor bugs.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/i386/sox-12.17.4-4.3.i386.rpm
Missing file
    MD5: 215224365c08b10de94dd2107fa96ace
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/i386/sox-devel-12.17.4-4.3.i386.rpm
Missing file
    MD5: 280a1993478f352ff7edfa0eaef55132
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/x86_64/sox-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: 92e357895cdfc4311c63812b580ef2c8
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/x86_64/sox-devel-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: f49830a9982ff56d7f1afa446348559b
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/i386/sox-12.17.4-4.3.i386.rpm
Missing file
    MD5: 215224365c08b10de94dd2107fa96ace
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/i386/sox-devel-12.17.4-4.3.i386.rpm
Missing file
    MD5: 280a1993478f352ff7edfa0eaef55132
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/ia64/sox-12.17.4-4.3.ia64.rpm
Missing file
    MD5: aa0496e8d807e5cf8ea0c5ac76ba3025
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/ia64/sox-devel-12.17.4-4.3.ia64.rpm
Missing file
    MD5: 88782db6550e912d50d1b2642d1629b1
 
PPC:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/ppc/sox-12.17.4-4.3.ppc.rpm
Missing file
    MD5: 471a46afca8a9713f349b11a3b311efb
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/ppc/sox-devel-12.17.4-4.3.ppc.rpm
Missing file
    MD5: 143aeb239b70b7f0ced2ce83f50925de
 
s390:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/s390/sox-12.17.4-4.3.s390.rpm
Missing file
    MD5: fbf191cefb2ff1ceffc7eed7de147938
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/s390/sox-devel-12.17.4-4.3.s390.rpm
Missing file
    MD5: 5efc226a4128821c1218719e4a97f976
 
s390x:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/s390x/sox-12.17.4-4.3.s390x.rpm
Missing file
    MD5: 193e592c520af65afb0a0b45f597c9f9
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/s390x/sox-devel-12.17.4-4.3.s390x.rpm
Missing file
    MD5: 0ec54d5b4d5944313f719b2fcdb33fb4
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/x86_64/sox-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: 92e357895cdfc4311c63812b580ef2c8
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/x86_64/sox-devel-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: f49830a9982ff56d7f1afa446348559b
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/i386/sox-12.17.4-4.3.i386.rpm
Missing file
    MD5: 215224365c08b10de94dd2107fa96ace
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/i386/sox-devel-12.17.4-4.3.i386.rpm
Missing file
    MD5: 280a1993478f352ff7edfa0eaef55132
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/ia64/sox-12.17.4-4.3.ia64.rpm
Missing file
    MD5: aa0496e8d807e5cf8ea0c5ac76ba3025
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/ia64/sox-devel-12.17.4-4.3.ia64.rpm
Missing file
    MD5: 88782db6550e912d50d1b2642d1629b1
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/x86_64/sox-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: 92e357895cdfc4311c63812b580ef2c8
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/x86_64/sox-devel-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: f49830a9982ff56d7f1afa446348559b
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/SRPMS/sox-12.17.4-4.3.src.rpm
Missing file
    MD5: 40158df8997fc3fcf257ce0f4948650f
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/i386/sox-12.17.4-4.3.i386.rpm
Missing file
    MD5: 215224365c08b10de94dd2107fa96ace
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/i386/sox-devel-12.17.4-4.3.i386.rpm
Missing file
    MD5: 280a1993478f352ff7edfa0eaef55132
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/ia64/sox-12.17.4-4.3.ia64.rpm
Missing file
    MD5: aa0496e8d807e5cf8ea0c5ac76ba3025
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/ia64/sox-devel-12.17.4-4.3.ia64.rpm
Missing file
    MD5: 88782db6550e912d50d1b2642d1629b1
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/sox/12.17.4-4.3/x86_64/sox-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: 92e357895cdfc4311c63812b580ef2c8
ftp://updates.redhat.com/rhn/repository/NULL/sox-devel/12.17.4-4.3/x86_64/sox-devel-12.17.4-4.3.x86_64.rpm
Missing file
    MD5: f49830a9982ff56d7f1afa446348559b
 

Bugs fixed (see bugzilla for more information)

102499 - sox RPM does not install soxmix
127502 - -r option dumps core on x86_64
79151 - largefile support missing
91144 - SoX's soxplay doesn't except paths containg spaces


References


Keywords

sox, wav


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/