Описание
ELSA-2020-3877: audiofile security update (MODERATE)
[1:0.3.6-9]
- Apply security patches. CVE-2018-17095, CVE-2018-13440
- Resolves: rhbz#1600369, rhbz#1601014, rhbz#1637128
[1:0.3.6-8]
- Escape macros in %changelog
[1:0.3.6-7]
- Merge upstream pull requests #42,#43,#44 from Agostino Sarubbo to fix security issues. CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839
[1:0.3.6-6]
- patch to compile with GCC 6
[1:0.3.6-5]
- Merge fix from upstream pull request #25 for CVE-2015-7747. Test conversion from e.g. 16-bit LE stereo to 8-bit LE mono no longer causes corruption.
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
audiofile
0.3.6-9.el7
audiofile-devel
0.3.6-9.el7
Oracle Linux x86_64
audiofile
0.3.6-9.el7
audiofile-devel
0.3.6-9.el7
Связанные CVE
Связанные уязвимости
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference ...
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.