Описание
Security update for wavpack
This update for wavpack fixes the following issues:
Security issues fixed:
- CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930)
- CVE-2018-19841: Fixed a denial-of-service in the WavpackVerifySingleBlock function from open_utils.c (bsc#1120929)
Список пакетов
Image SLES15-SP1-SAPCAL-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP1-SAPCAL-EC2-HVM
libwavpack1-5.1.0-4.3.5
Image SLES15-SP1-SAPCAL-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-EC2-HVM
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-SAP-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-SAP-EC2-HVM
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-SAP-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-SAPCAL-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-SAPCAL-EC2-HVM
libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-SAPCAL-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAP
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAP-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAP-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAP-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAPCAL
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAPCAL-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAPCAL-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP4-SAPCAL-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP5-SAP-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP5-SAP-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP5-SAP-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP5-SAPCAL-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP5-SAPCAL-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP5-SAPCAL-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAP
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAP-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAP-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAP-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAPCAL
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAPCAL-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAPCAL-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP6-SAPCAL-GCE
libwavpack1-5.1.0-4.3.5
Image SLES15-SP7-SAPCAL-Azure
libwavpack1-5.1.0-4.3.5
Image SLES15-SP7-SAPCAL-EC2
libwavpack1-5.1.0-4.3.5
Image SLES15-SP7-SAPCAL-GCE
libwavpack1-5.1.0-4.3.5
SUSE Linux Enterprise Module for Basesystem 15
libwavpack1-5.1.0-4.3.5
SUSE Linux Enterprise Module for Desktop Applications 15
wavpack-5.1.0-4.3.5
wavpack-devel-5.1.0-4.3.5
Ссылки
- Link for SUSE-SU-2019:0772-1
- E-Mail link for SUSE-SU-2019:0772-1
- SUSE Security Ratings
- SUSE Bug 1120929
- SUSE Bug 1120930
- SUSE CVE CVE-2018-19840 page
- SUSE CVE CVE-2018-19841 page
Описание
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:libwavpack1-5.1.0-4.3.5
Image SLES15-SP1-SAPCAL-EC2-HVM:libwavpack1-5.1.0-4.3.5
Image SLES15-SP1-SAPCAL-GCE:libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-EC2-HVM:libwavpack1-5.1.0-4.3.5
Ссылки
- CVE-2018-19840
- SUSE Bug 1120930
Описание
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Затронутые продукты
Image SLES15-SP1-SAPCAL-Azure:libwavpack1-5.1.0-4.3.5
Image SLES15-SP1-SAPCAL-EC2-HVM:libwavpack1-5.1.0-4.3.5
Image SLES15-SP1-SAPCAL-GCE:libwavpack1-5.1.0-4.3.5
Image SLES15-SP3-EC2-HVM:libwavpack1-5.1.0-4.3.5
Ссылки
- CVE-2018-19841
- SUSE Bug 1120929