Описание
Security update for libsndfile
The libsndfile package was updated to fix the following security issue:
- CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521).
- CVE-2015-7805: Fixed heap overflow issue (bsc#953516).
- CVE-2015-8075: Fixed heap overflow issue (bsc#953519).
Список пакетов
openSUSE Leap 42.1
libsndfile-1.0.25-24.1
libsndfile-devel-1.0.25-24.1
libsndfile-progs-1.0.25-24.1
libsndfile1-1.0.25-24.1
libsndfile1-32bit-1.0.25-24.1
Ссылки
- E-Mail link for openSUSE-SU-2015:2119-1
- SUSE Security Ratings
Описание
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-24.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-24.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-24.1
openSUSE Leap 42.1:libsndfile1-1.0.25-24.1
Ссылки
- CVE-2014-9756
- SUSE Bug 953516
- SUSE Bug 953519
- SUSE Bug 953521
Описание
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-24.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-24.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-24.1
openSUSE Leap 42.1:libsndfile1-1.0.25-24.1
Ссылки
- CVE-2015-7805
- SUSE Bug 953516
- SUSE Bug 953519
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-24.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-24.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-24.1
openSUSE Leap 42.1:libsndfile1-1.0.25-24.1
Ссылки
- CVE-2015-8075
- SUSE Bug 953516
- SUSE Bug 953519