Описание
Security update for soundtouch
This update for soundtouch fixes the following security issue:
- CVE-2018-1000223: Prevent buffer overflow in WavInFile::readHeaderBlock() that could have resulted in arbitrary code execution when opening maliocius file in soundstretch utility (bsc#1103676)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libSoundTouch0-1.7.1-5.3.1
libSoundTouch0-32bit-1.7.1-5.3.1
soundtouch-1.7.1-5.3.1
SUSE Linux Enterprise Server 12 SP3
libSoundTouch0-1.7.1-5.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libSoundTouch0-1.7.1-5.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
soundtouch-1.7.1-5.3.1
soundtouch-devel-1.7.1-5.3.1
SUSE Linux Enterprise Workstation Extension 12 SP3
libSoundTouch0-32bit-1.7.1-5.3.1
soundtouch-1.7.1-5.3.1
Ссылки
- Link for SUSE-SU-2018:3070-1
- E-Mail link for SUSE-SU-2018:3070-1
- SUSE Security Ratings
- SUSE Bug 1103676
- SUSE CVE CVE-2018-1000223 page
Описание
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libSoundTouch0-1.7.1-5.3.1
SUSE Linux Enterprise Desktop 12 SP3:libSoundTouch0-32bit-1.7.1-5.3.1
SUSE Linux Enterprise Desktop 12 SP3:soundtouch-1.7.1-5.3.1
SUSE Linux Enterprise Server 12 SP3:libSoundTouch0-1.7.1-5.3.1
Ссылки
- CVE-2018-1000223
- SUSE Bug 1103676