ALAS2-2019-1352

Amazon Linux 2 Security Advisory: ALAS-2019-1352
Advisory Release Date: 2019-11-04 22:27 Pacific
Advisory Updated Date: 2019-11-07 00:31 Pacific

Severity: Low

References: CVE-2017-18189
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files.(CVE-2017-18189)

Affected Packages:

sox

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update sox to update your system.

New Packages:

aarch64:
    sox-14.4.1-7.amzn2.aarch64
    sox-devel-14.4.1-7.amzn2.aarch64
    sox-debuginfo-14.4.1-7.amzn2.aarch64

i686:
    sox-14.4.1-7.amzn2.i686
    sox-devel-14.4.1-7.amzn2.i686
    sox-debuginfo-14.4.1-7.amzn2.i686

src:
    sox-14.4.1-7.amzn2.src

x86_64:
    sox-14.4.1-7.amzn2.x86_64
    sox-devel-14.4.1-7.amzn2.x86_64
    sox-debuginfo-14.4.1-7.amzn2.x86_64

Additional References

Red Hat: CVE-2017-18189

Mitre: CVE-2017-18189