Описание
Security update for libsndfile
This update for libsndfile fixes the following security issues:
- CVE-2017-7586: A stack-based buffer overflow via a specially crafted FLAC file was fixed (error in the 'header_read()' function) (bsc#1033053)
- CVE-2017-7585,CVE-2017-7741, CVE-2017-7742: Several stack-based buffer overflows via a specially crafted FLAC file (error in the 'flac_buffer_copy()' function) were fixed (bsc#1033054,bsc#1033915,bsc#1033914).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
Ссылки
- Link for SUSE-SU-2017:1040-1
- E-Mail link for SUSE-SU-2017:1040-1
- SUSE Security Ratings
- SUSE Bug 1033053
- SUSE Bug 1033054
- SUSE Bug 1033914
- SUSE Bug 1033915
- SUSE CVE CVE-2017-7585 page
- SUSE CVE CVE-2017-7586 page
- SUSE CVE CVE-2017-7741 page
- SUSE CVE CVE-2017-7742 page
Описание
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
Затронутые продукты
Ссылки
- CVE-2017-7585
- SUSE Bug 1033054
- SUSE Bug 1033914
- SUSE Bug 1033915
Описание
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
Затронутые продукты
Ссылки
- CVE-2017-7586
- SUSE Bug 1033053
Описание
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Затронутые продукты
Ссылки
- CVE-2017-7741
- SUSE Bug 1033054
- SUSE Bug 1033915
Описание
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Затронутые продукты
Ссылки
- CVE-2017-7742
- SUSE Bug 1033054
- SUSE Bug 1033914