Описание
Security update for wavpack
This update for wavpack fixes the following issues:
- Update to version 5.4.0
- CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414)
- fixed: disable A32 asm code when building for Apple silicon
- fixed: issues with Adobe-style floating-point WAV files
- added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files
- Update to version 5.3.0
- fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448
- fixed: trailing garbage characters on imported ID3v2 TXXX tags
- fixed: various minor undefined behavior and memory access issues
- fixed: sanitize tag extraction names for length and path inclusion
- improved: reformat wvunpack 'help' and split into long + short versions
- added: regression testing to Travis CI for OSS-Fuzz crashers
- Updated to version 5.2.0
*fixed: potential security issues including the following CVEs:
CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344),
CVE-2018-10537 (bsc#1091343) CVE-2018-10538 (bsc#1091342),
CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319- added: support for CMake, Travis CI, and Google's OSS-fuzz
- fixed: use correction file for encode verify (pipe input, Windows)
- fixed: correct WAV header with actual length (pipe input, -i option)
- fixed: thumb interworking and not needing v6 architecture (ARM asm)
- added: handle more ID3v2.3 tag items and from all file types
- fixed: coredump on Sparc64 (changed MD5 implementation)
- fixed: handle invalid ID3v2.3 tags from sacd-ripper
- fixed: several corner-case memory leaks
Список пакетов
Image SLES15-SP1-SAPCAL-Azure
Image SLES15-SP1-SAPCAL-EC2-HVM
Image SLES15-SP1-SAPCAL-GCE
Image SLES15-SP3-EC2-HVM
Image SLES15-SP3-SAP-Azure
Image SLES15-SP3-SAP-EC2-HVM
Image SLES15-SP3-SAP-GCE
Image SLES15-SP3-SAPCAL-Azure
Image SLES15-SP3-SAPCAL-EC2-HVM
Image SLES15-SP3-SAPCAL-GCE
Image SLES15-SP4-SAP
Image SLES15-SP4-SAP-Azure
Image SLES15-SP4-SAP-EC2
Image SLES15-SP4-SAP-GCE
Image SLES15-SP4-SAPCAL
Image SLES15-SP4-SAPCAL-Azure
Image SLES15-SP4-SAPCAL-EC2
Image SLES15-SP4-SAPCAL-GCE
Image SLES15-SP5-SAP-Azure
Image SLES15-SP5-SAP-EC2
Image SLES15-SP5-SAP-GCE
Image SLES15-SP5-SAPCAL-Azure
Image SLES15-SP5-SAPCAL-EC2
Image SLES15-SP5-SAPCAL-GCE
Image SLES15-SP6-SAP
Image SLES15-SP6-SAP-Azure
Image SLES15-SP6-SAP-EC2
Image SLES15-SP6-SAP-GCE
Image SLES15-SP6-SAPCAL
Image SLES15-SP6-SAPCAL-Azure
Image SLES15-SP6-SAPCAL-EC2
Image SLES15-SP6-SAPCAL-GCE
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
Ссылки
- Link for SUSE-SU-2021:0186-1
- E-Mail link for SUSE-SU-2021:0186-1
- SUSE Security Ratings
- SUSE Bug 1091340
- SUSE Bug 1091341
- SUSE Bug 1091342
- SUSE Bug 1091343
- SUSE Bug 1091344
- SUSE Bug 1180414
- SUSE CVE CVE-2018-10536 page
- SUSE CVE CVE-2018-10537 page
- SUSE CVE CVE-2018-10538 page
- SUSE CVE CVE-2018-10539 page
- SUSE CVE CVE-2018-10540 page
- SUSE CVE CVE-2018-19840 page
- SUSE CVE CVE-2018-19841 page
- SUSE CVE CVE-2018-6767 page
- SUSE CVE CVE-2018-7253 page
- SUSE CVE CVE-2018-7254 page
- SUSE CVE CVE-2019-1010319 page
Описание
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
Затронутые продукты
Ссылки
- CVE-2018-10536
- SUSE Bug 1091344
Описание
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
Затронутые продукты
Ссылки
- CVE-2018-10537
- SUSE Bug 1091343
Описание
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Затронутые продукты
Ссылки
- CVE-2018-10538
- SUSE Bug 1091342
Описание
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Затронутые продукты
Ссылки
- CVE-2018-10539
- SUSE Bug 1091341
Описание
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Затронутые продукты
Ссылки
- CVE-2018-10540
- SUSE Bug 1091340
Описание
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.
Затронутые продукты
Ссылки
- CVE-2018-19840
- SUSE Bug 1120930
Описание
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.
Затронутые продукты
Ссылки
- CVE-2018-19841
- SUSE Bug 1120929
Описание
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
Затронутые продукты
Ссылки
- CVE-2018-6767
- SUSE Bug 1079746
Описание
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
Затронутые продукты
Ссылки
- CVE-2018-7253
- SUSE Bug 1081692
Описание
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
Затронутые продукты
Ссылки
- CVE-2018-7254
- SUSE Bug 1081693
Описание
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.
Затронутые продукты
Ссылки
- CVE-2019-1010319
- SUSE Bug 1141334
Описание
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
Затронутые продукты
Ссылки
- CVE-2019-11498
- SUSE Bug 1133384
Описание
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
Затронутые продукты
Ссылки
- CVE-2020-35738
- SUSE Bug 1180414