USN-5656-1: JACK vulnerability
4 October 2022
JACK could cause a crash in certain conditions.
- jackd2 - JACK Audio Connection Kit (server and example clients)
Joseph Yasi discovered that JACK incorrectly handled the closing of a socket
in certain conditions. An attacker could potentially use this issue to
cause a crash.
The problem can be corrected by updating your system to the following package versions:
- jackd2 - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1
- jackd2-firewire - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1
- libjack-jackd2-0 - 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1
In general, a standard system update will make all the necessary changes.