SUSE-SU-2022:0052-2

Опубликовано: 17 фев. 2022

Источник: suse-cvrf

Описание

Security update for libsndfile

This update for libsndfile fixes the following issues:

CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006).

Список пакетов

Container containers/milvus:2.4

libsndfile1-1.0.28-5.15.1

Container containers/open-webui:0

libsndfile1-1.0.28-5.15.1

Container suse/kiosk/firefox-esr:esr

libsndfile1-1.0.28-5.15.1

Container suse/kiosk/pulseaudio:17

libsndfile1-1.0.28-5.15.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libsndfile1-1.0.28-5.15.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libsndfile1-1.0.28-5.15.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

libsndfile1-1.0.28-5.15.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

libsndfile1-1.0.28-5.15.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

libsndfile1-1.0.28-5.15.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

libsndfile1-1.0.28-5.15.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP7-SAP-Azure-LI-BYOS-Production

libsndfile1-1.0.28-5.15.1

Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production

libsndfile1-1.0.28-5.15.1

SUSE Linux Enterprise Real Time 15 SP2

libsndfile-devel-1.0.28-5.15.1

libsndfile1-1.0.28-5.15.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220052-2/
Link for SUSE-SU-2022:0052-2
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010248.html
E-Mail link for SUSE-SU-2022:0052-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194006
SUSE Bug 1194006
https://www.suse.com/security/cve/CVE-2021-4156/
SUSE CVE CVE-2021-4156 page

Описание

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Затронутые продукты

Container containers/milvus:2.4:libsndfile1-1.0.28-5.15.1

Container containers/open-webui:0:libsndfile1-1.0.28-5.15.1

Container suse/kiosk/firefox-esr:esr:libsndfile1-1.0.28-5.15.1

Container suse/kiosk/pulseaudio:17:libsndfile1-1.0.28-5.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-4156.html
CVE-2021-4156
https://bugzilla.suse.com/1194006
SUSE Bug 1194006

SUSE-SU-2022:0052-2

Описание

Список пакетов

Container containers/milvus:2.4

Container containers/open-webui:0

Container suse/kiosk/firefox-esr:esr

Container suse/kiosk/pulseaudio:17

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP7-SAP-Azure-LI-BYOS-Production

Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Real Time 15 SP2

Ссылки

Уязвимость: CVE-2021-4156

Описание

Затронутые продукты

Ссылки