SUSE-SU-2018:2074-1

Опубликовано: 26 июл. 2018

Источник: suse-cvrf

Описание

Security update for libsndfile

This update for libsndfile fixes the following issues:

Security issues fixed:

CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167).
CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777)
CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

libsndfile-devel-1.0.28-5.5.1

libsndfile1-1.0.28-5.5.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20182074-1/
Link for SUSE-SU-2018:2074-1
https://lists.suse.com/pipermail/sle-security-updates/2018-July/004320.html
E-Mail link for SUSE-SU-2018:2074-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1071767
SUSE Bug 1071767
https://bugzilla.suse.com/1071777
SUSE Bug 1071777
https://bugzilla.suse.com/1100167
SUSE Bug 1100167
https://www.suse.com/security/cve/CVE-2017-17456/
SUSE CVE CVE-2017-17456 page
https://www.suse.com/security/cve/CVE-2017-17457/
SUSE CVE CVE-2017-17457 page
https://www.suse.com/security/cve/CVE-2018-13139/
SUSE CVE CVE-2018-13139 page

Описание

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14245. Reason: This candidate is a duplicate of CVE-2017-14245. Notes: All CVE users should reference CVE-2017-14245 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:libsndfile-devel-1.0.28-5.5.1

SUSE Linux Enterprise Module for Basesystem 15:libsndfile1-1.0.28-5.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17456.html
CVE-2017-17456
https://bugzilla.suse.com/1059912
SUSE Bug 1059912
https://bugzilla.suse.com/1071777
SUSE Bug 1071777
https://bugzilla.suse.com/1117906
SUSE Bug 1117906

Описание

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14246. Reason: This candidate is a duplicate of CVE-2017-14246. Notes: All CVE users should reference CVE-2017-14246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:libsndfile-devel-1.0.28-5.5.1

SUSE Linux Enterprise Module for Basesystem 15:libsndfile1-1.0.28-5.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17457.html
CVE-2017-17457
https://bugzilla.suse.com/1059913
SUSE Bug 1059913
https://bugzilla.suse.com/1071767
SUSE Bug 1071767
https://bugzilla.suse.com/1117906
SUSE Bug 1117906

Описание

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15:libsndfile-devel-1.0.28-5.5.1

SUSE Linux Enterprise Module for Basesystem 15:libsndfile1-1.0.28-5.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-13139.html
CVE-2018-13139
https://bugzilla.suse.com/1100167
SUSE Bug 1100167
https://bugzilla.suse.com/1116993
SUSE Bug 1116993
https://bugzilla.suse.com/1211493
SUSE Bug 1211493

SUSE-SU-2018:2074-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15

Ссылки

Уязвимость: CVE-2017-17456

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-17457

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-13139

Описание

Затронутые продукты

Ссылки