Описание
Security update for libsndfile
This update for libsndfile fixes the following issues:
- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
libsndfile-1.0.20-2.19.18.1
SUSE Linux Enterprise Server 11 SP4-LTSS
libsndfile-1.0.20-2.19.18.1
libsndfile-32bit-1.0.20-2.19.18.1
Ссылки
- Link for SUSE-SU-2022:14872-1
- E-Mail link for SUSE-SU-2022:14872-1
- SUSE Security Ratings
- SUSE Bug 1194006
- SUSE CVE CVE-2021-4156 page
Описание
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libsndfile-1.0.20-2.19.18.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libsndfile-1.0.20-2.19.18.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libsndfile-32bit-1.0.20-2.19.18.1
Ссылки
- CVE-2021-4156
- SUSE Bug 1194006