Описание
Security update for audiofile
This update for audiofile fixes the following issues:
- CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15
audiofile-devel-0.3.6-3.3.1
libaudiofile1-0.3.6-3.3.1
Ссылки
- Link for SUSE-SU-2018:3506-1
- E-Mail link for SUSE-SU-2018:3506-1
- SUSE Security Ratings
- SUSE Bug 1111586
- SUSE CVE CVE-2018-17095 page
Описание
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15:audiofile-devel-0.3.6-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15:libaudiofile1-0.3.6-3.3.1
Ссылки
- CVE-2018-17095
- SUSE Bug 1111586