Описание
Security update for libsndfile
The libsndfile package was updated to fix the following security issue:
- CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521).
- CVE-2015-7805: Fixed heap overflow issue (bsc#953516).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP4
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
SUSE Linux Enterprise Server 11 SP3
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
libsndfile-x86-1.0.20-2.10.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
libsndfile-x86-1.0.20-2.10.2
SUSE Linux Enterprise Server 11 SP4
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
libsndfile-x86-1.0.20-2.10.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
libsndfile-x86-1.0.20-2.10.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libsndfile-1.0.20-2.10.2
libsndfile-32bit-1.0.20-2.10.2
libsndfile-x86-1.0.20-2.10.2
SUSE Linux Enterprise Software Development Kit 11 SP3
libsndfile-devel-1.0.20-2.10.2
SUSE Linux Enterprise Software Development Kit 11 SP4
libsndfile-devel-1.0.20-2.10.2
Ссылки
- Link for SUSE-SU-2015:1979-1
- E-Mail link for SUSE-SU-2015:1979-1
- SUSE Security Ratings
- SUSE Bug 953516
- SUSE Bug 953521
- SUSE CVE CVE-2014-9756 page
- SUSE CVE CVE-2015-7805 page
Описание
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP3:libsndfile-32bit-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP4:libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP4:libsndfile-32bit-1.0.20-2.10.2
Ссылки
- CVE-2014-9756
- SUSE Bug 953516
- SUSE Bug 953519
- SUSE Bug 953521
Описание
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP3:libsndfile-32bit-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP4:libsndfile-1.0.20-2.10.2
SUSE Linux Enterprise Desktop 11 SP4:libsndfile-32bit-1.0.20-2.10.2
Ссылки
- CVE-2015-7805
- SUSE Bug 953516
- SUSE Bug 953519