Description
Security update for timidity
This update for timidity fixes the following issues:
Security issues fixed:
- CVE-2017-11546: Fix division-by-zero with malformed MIDI file (boo#1081694)
- CVE-2017-11547: Fix out-of-bounds accesses in the resamplers (boo#1081694)
Other issues fixed:
- Drop tcl/tk dependency; it's already broken with Tcl/Tk 8.6
Package list
openSUSE Leap 42.3
timidity-2.14.0-9.3.1
References
- E-Mail link for openSUSE-SU-2018:0535-1
- SUSE Security Ratings
Description
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.
Affected products
openSUSE Leap 42.3:timidity-2.14.0-9.3.1
References
- CVE-2017-11546
- SUSE Bug 1081694
Description
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.
Affected products
openSUSE Leap 42.3:timidity-2.14.0-9.3.1
References
- CVE-2017-11547
- SUSE Bug 1081694