Описание
Security update for audiofile
This update for audiofile fixes the following issues:
Security issue fixed:
- CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
audiofile-0.3.6-11.7.8
libaudiofile1-0.3.6-11.7.8
libaudiofile1-32bit-0.3.6-11.7.8
SUSE Linux Enterprise Server 12 SP5
audiofile-0.3.6-11.7.8
libaudiofile1-0.3.6-11.7.8
libaudiofile1-32bit-0.3.6-11.7.8
SUSE Linux Enterprise Server for SAP Applications 12 SP4
audiofile-0.3.6-11.7.8
libaudiofile1-0.3.6-11.7.8
libaudiofile1-32bit-0.3.6-11.7.8
SUSE Linux Enterprise Server for SAP Applications 12 SP5
audiofile-0.3.6-11.7.8
libaudiofile1-0.3.6-11.7.8
libaudiofile1-32bit-0.3.6-11.7.8
SUSE Linux Enterprise Software Development Kit 12 SP4
audiofile-devel-0.3.6-11.7.8
SUSE Linux Enterprise Software Development Kit 12 SP5
audiofile-devel-0.3.6-11.7.8
Ссылки
- Link for SUSE-SU-2020:1619-1
- E-Mail link for SUSE-SU-2020:1619-1
- SUSE Security Ratings
- SUSE Bug 1100523
- SUSE CVE CVE-2018-13440 page
Описание
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:audiofile-0.3.6-11.7.8
SUSE Linux Enterprise Server 12 SP4:libaudiofile1-0.3.6-11.7.8
SUSE Linux Enterprise Server 12 SP4:libaudiofile1-32bit-0.3.6-11.7.8
SUSE Linux Enterprise Server 12 SP5:audiofile-0.3.6-11.7.8
Ссылки
- CVE-2018-13440
- SUSE Bug 1100523