Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:1107-1

Опубликовано: 26 апр. 2017
Источник: suse-cvrf

Описание

Security update for libsndfile

This update for libsndfile fixes the following security issues:

  • CVE-2017-7586: A stack-based buffer overflow via a specially crafted FLAC file was fixed (error in the 'header_read()' function) (bsc#1033053)
  • CVE-2017-7585,CVE-2017-7741, CVE-2017-7742: Several stack-based buffer overflows via a specially crafted FLAC file (error in the 'flac_buffer_copy()' function) were fixed (bsc#1033054,bsc#1033915,bsc#1033914).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1
libsndfile-1.0.25-26.3.1
libsndfile-devel-1.0.25-26.3.1
libsndfile-progs-1.0.25-26.3.1
libsndfile1-1.0.25-26.3.1
libsndfile1-32bit-1.0.25-26.3.1
openSUSE Leap 42.2
libsndfile-1.0.25-26.3.1
libsndfile-devel-1.0.25-26.3.1
libsndfile-progs-1.0.25-26.3.1
libsndfile1-1.0.25-26.3.1
libsndfile1-32bit-1.0.25-26.3.1

Ссылки

Описание

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile1-1.0.25-26.3.1
Ссылки

Описание

In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.

Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile1-1.0.25-26.3.1
Ссылки

Описание

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile1-1.0.25-26.3.1
Ссылки

Описание

In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.

Затронутые продукты
openSUSE Leap 42.1:libsndfile-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-devel-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile-progs-1.0.25-26.3.1
openSUSE Leap 42.1:libsndfile1-1.0.25-26.3.1
Ссылки
Уязвимость openSUSE-SU-2017:1107-1