Описание
Security update for libsndfile
This update for libsndfile fixes the following issues:
Security issues fixed:
- CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777).
- CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767).
- CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header that could have been used for a denial of service attack (bsc#1117954).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2019:14008-1
- E-Mail link for SUSE-SU-2019:14008-1
- SUSE Security Ratings
- SUSE Bug 1071767
- SUSE Bug 1071777
- SUSE Bug 1117954
- SUSE CVE CVE-2017-17456 page
- SUSE CVE CVE-2017-17457 page
- SUSE CVE CVE-2018-19758 page
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14245. Reason: This candidate is a duplicate of CVE-2017-14245. Notes: All CVE users should reference CVE-2017-14245 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2017-17456
- SUSE Bug 1059912
- SUSE Bug 1071777
- SUSE Bug 1117906
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14246. Reason: This candidate is a duplicate of CVE-2017-14246. Notes: All CVE users should reference CVE-2017-14246 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2017-17457
- SUSE Bug 1059913
- SUSE Bug 1071767
- SUSE Bug 1117906
Описание
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-19758
- SUSE Bug 1117954
- SUSE Bug 1125575