Описание
Security update for audiofile
This update for audiofile fixes the following issues:
- CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
audiofile-0.3.6-11.3.1
libaudiofile1-0.3.6-11.3.1
libaudiofile1-32bit-0.3.6-11.3.1
SUSE Linux Enterprise Server 12 SP4
audiofile-0.3.6-11.3.1
libaudiofile1-0.3.6-11.3.1
libaudiofile1-32bit-0.3.6-11.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
audiofile-0.3.6-11.3.1
libaudiofile1-0.3.6-11.3.1
libaudiofile1-32bit-0.3.6-11.3.1
SUSE Linux Enterprise Software Development Kit 12 SP4
audiofile-devel-0.3.6-11.3.1
Ссылки
- Link for SUSE-SU-2018:3588-2
- E-Mail link for SUSE-SU-2018:3588-2
- SUSE Security Ratings
- SUSE Bug 1111586
- SUSE CVE CVE-2018-17095 page
Описание
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:audiofile-0.3.6-11.3.1
SUSE Linux Enterprise Desktop 12 SP4:libaudiofile1-0.3.6-11.3.1
SUSE Linux Enterprise Desktop 12 SP4:libaudiofile1-32bit-0.3.6-11.3.1
SUSE Linux Enterprise Server 12 SP4:audiofile-0.3.6-11.3.1
Ссылки
- CVE-2018-17095
- SUSE Bug 1111586