SUSE-SU-2020:2727-1

Опубликовано: 23 сент. 2020

Источник: suse-cvrf

Описание

Security update for wavpack

This update for wavpack fixes the following issues:

Security issues fixed:

CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930)

Список пакетов

SUSE Linux Enterprise Server 12 SP5

libwavpack1-4.60.99-5.6.3

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libwavpack1-4.60.99-5.6.3

SUSE Linux Enterprise Software Development Kit 12 SP5

wavpack-4.60.99-5.6.3

wavpack-devel-4.60.99-5.6.3

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202727-1/
Link for SUSE-SU-2020:2727-1
https://lists.suse.com/pipermail/sle-security-updates/2020-September/007470.html
E-Mail link for SUSE-SU-2020:2727-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120930
SUSE Bug 1120930
https://www.suse.com/security/cve/CVE-2018-19840/
SUSE CVE CVE-2018-19840 page

Описание

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP5:libwavpack1-4.60.99-5.6.3

SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwavpack1-4.60.99-5.6.3

SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-4.60.99-5.6.3

SUSE Linux Enterprise Software Development Kit 12 SP5:wavpack-devel-4.60.99-5.6.3

Ссылки

https://www.suse.com/security/cve/CVE-2018-19840.html
CVE-2018-19840
https://bugzilla.suse.com/1120930
SUSE Bug 1120930

SUSE-SU-2020:2727-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2018-19840

Описание

Затронутые продукты

Ссылки