Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:3606-2

Опубликовано: 10 дек. 2018
Источник: suse-cvrf

Описание

Security update for soundtouch

This update for soundtouch fixes the following issues:

  • CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632)
  • CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
  • CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4
libSoundTouch0-1.7.1-5.6.1
libSoundTouch0-32bit-1.7.1-5.6.1
soundtouch-1.7.1-5.6.1
SUSE Linux Enterprise Server 12 SP4
libSoundTouch0-1.7.1-5.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libSoundTouch0-1.7.1-5.6.1
SUSE Linux Enterprise Software Development Kit 12 SP4
soundtouch-1.7.1-5.6.1
soundtouch-devel-1.7.1-5.6.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libSoundTouch0-32bit-1.7.1-5.6.1
soundtouch-1.7.1-5.6.1

Ссылки

Описание

The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libSoundTouch0-1.7.1-5.6.1
SUSE Linux Enterprise Desktop 12 SP4:libSoundTouch0-32bit-1.7.1-5.6.1
SUSE Linux Enterprise Desktop 12 SP4:soundtouch-1.7.1-5.6.1
SUSE Linux Enterprise Server 12 SP4:libSoundTouch0-1.7.1-5.6.1
Ссылки

Описание

The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libSoundTouch0-1.7.1-5.6.1
SUSE Linux Enterprise Desktop 12 SP4:libSoundTouch0-32bit-1.7.1-5.6.1
SUSE Linux Enterprise Desktop 12 SP4:soundtouch-1.7.1-5.6.1
SUSE Linux Enterprise Server 12 SP4:libSoundTouch0-1.7.1-5.6.1
Ссылки

Описание

The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libSoundTouch0-1.7.1-5.6.1
SUSE Linux Enterprise Desktop 12 SP4:libSoundTouch0-32bit-1.7.1-5.6.1
SUSE Linux Enterprise Desktop 12 SP4:soundtouch-1.7.1-5.6.1
SUSE Linux Enterprise Server 12 SP4:libSoundTouch0-1.7.1-5.6.1
Ссылки