Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:2065-1

Опубликовано: 26 июл. 2018
Источник: suse-cvrf

Описание

Security update for libsndfile

This update for libsndfile fixes the following issues:

Security issues fixed:

  • CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167).
  • CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777)
  • CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3
libsndfile1-1.0.25-36.13.1
libsndfile1-32bit-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3
libsndfile1-1.0.25-36.13.1
libsndfile1-32bit-1.0.25-36.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libsndfile1-1.0.25-36.13.1
libsndfile1-32bit-1.0.25-36.13.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libsndfile-devel-1.0.25-36.13.1

Ссылки

Описание

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14245. Reason: This candidate is a duplicate of CVE-2017-14245. Notes: All CVE users should reference CVE-2017-14245 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libsndfile1-1.0.25-36.13.1
SUSE Linux Enterprise Desktop 12 SP3:libsndfile1-32bit-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3:libsndfile1-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3:libsndfile1-32bit-1.0.25-36.13.1
Ссылки

Описание

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14246. Reason: This candidate is a duplicate of CVE-2017-14246. Notes: All CVE users should reference CVE-2017-14246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libsndfile1-1.0.25-36.13.1
SUSE Linux Enterprise Desktop 12 SP3:libsndfile1-32bit-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3:libsndfile1-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3:libsndfile1-32bit-1.0.25-36.13.1
Ссылки

Описание

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libsndfile1-1.0.25-36.13.1
SUSE Linux Enterprise Desktop 12 SP3:libsndfile1-32bit-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3:libsndfile1-1.0.25-36.13.1
SUSE Linux Enterprise Server 12 SP3:libsndfile1-32bit-1.0.25-36.13.1
Ссылки