Описание
Security update for libsndfile
The libsndfile package was updated to fix the following security issue:
- CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521).
- CVE-2015-7805: Fixed heap overflow issue (bsc#953516).
- CVE-2015-8075: Fixed heap overflow issue (bsc#953519).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libsndfile1-1.0.25-25.1
libsndfile1-32bit-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1
libsndfile1-1.0.25-25.1
libsndfile1-32bit-1.0.25-25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libsndfile1-1.0.25-25.1
libsndfile1-32bit-1.0.25-25.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libsndfile-devel-1.0.25-25.1
Ссылки
- Link for SUSE-SU-2015:2000-2
- E-Mail link for SUSE-SU-2015:2000-2
- SUSE Security Ratings
- SUSE Bug 953516
- SUSE Bug 953519
- SUSE Bug 953521
- SUSE CVE CVE-2014-9756 page
- SUSE CVE CVE-2015-7805 page
- SUSE CVE CVE-2015-8075 page
Описание
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libsndfile1-1.0.25-25.1
SUSE Linux Enterprise Desktop 12 SP1:libsndfile1-32bit-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1:libsndfile1-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1:libsndfile1-32bit-1.0.25-25.1
Ссылки
- CVE-2014-9756
- SUSE Bug 953516
- SUSE Bug 953519
- SUSE Bug 953521
Описание
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libsndfile1-1.0.25-25.1
SUSE Linux Enterprise Desktop 12 SP1:libsndfile1-32bit-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1:libsndfile1-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1:libsndfile1-32bit-1.0.25-25.1
Ссылки
- CVE-2015-7805
- SUSE Bug 953516
- SUSE Bug 953519
Описание
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libsndfile1-1.0.25-25.1
SUSE Linux Enterprise Desktop 12 SP1:libsndfile1-32bit-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1:libsndfile1-1.0.25-25.1
SUSE Linux Enterprise Server 12 SP1:libsndfile1-32bit-1.0.25-25.1
Ссылки
- CVE-2015-8075
- SUSE Bug 953516
- SUSE Bug 953519