Описание
Security update for taglib
This update for taglib fixes the following issues:
- CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libtag1-1.9.1-3.4.18
libtag_c0-1.9.1-3.4.18
taglib-1.9.1-3.4.18
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libtag1-1.9.1-3.4.18
libtag_c0-1.9.1-3.4.18
taglib-1.9.1-3.4.18
SUSE Linux Enterprise Software Development Kit 12 SP5
libtag-devel-1.9.1-3.4.18
SUSE Linux Enterprise Workstation Extension 12 SP5
libtag1-32bit-1.9.1-3.4.18
libtag_c0-32bit-1.9.1-3.4.18
Ссылки
- Link for SUSE-SU-2020:2968-1
- E-Mail link for SUSE-SU-2020:2968-1
- SUSE Security Ratings
- SUSE Bug 1096180
- SUSE CVE CVE-2018-11439 page
Описание
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libtag1-1.9.1-3.4.18
SUSE Linux Enterprise Server 12 SP5:libtag_c0-1.9.1-3.4.18
SUSE Linux Enterprise Server 12 SP5:taglib-1.9.1-3.4.18
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libtag1-1.9.1-3.4.18
Ссылки
- CVE-2018-11439
- SUSE Bug 1096180