Описание
Security update for libopenmpt
This update for libopenmpt fixes the following issues:
Security issues fixed:
- CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578).
- CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581).
- CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584).
- CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
libmodplug-devel-0.3.17-lp151.2.3.1
libmodplug1-0.3.17-lp151.2.3.1
libmodplug1-32bit-0.3.17-lp151.2.3.1
libopenmpt-devel-0.3.17-lp151.2.3.1
libopenmpt0-0.3.17-lp151.2.3.1
libopenmpt0-32bit-0.3.17-lp151.2.3.1
libopenmpt_modplug1-0.3.17-lp151.2.3.1
libopenmpt_modplug1-32bit-0.3.17-lp151.2.3.1
openmpt123-0.3.17-lp151.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2213-1
- SUSE Security Ratings
- SUSE Bug 1143578
- SUSE Bug 1143581
- SUSE Bug 1143582
- SUSE Bug 1143584
- SUSE CVE CVE-2018-20860 page
- SUSE CVE CVE-2018-20861 page
- SUSE CVE CVE-2019-14382 page
- SUSE CVE CVE-2019-14383 page
Описание
libopenmpt before 0.3.13 allows a crash with malformed MED files.
Затронутые продукты
openSUSE Leap 15.1:libmodplug-devel-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-32bit-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libopenmpt-devel-0.3.17-lp151.2.3.1
Ссылки
- CVE-2018-20860
- SUSE Bug 1143581
Описание
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
Затронутые продукты
openSUSE Leap 15.1:libmodplug-devel-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-32bit-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libopenmpt-devel-0.3.17-lp151.2.3.1
Ссылки
- CVE-2018-20861
- SUSE Bug 1143578
Описание
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
Затронутые продукты
openSUSE Leap 15.1:libmodplug-devel-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-32bit-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libopenmpt-devel-0.3.17-lp151.2.3.1
Ссылки
- CVE-2019-14382
- SUSE Bug 1143582
Описание
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
Затронутые продукты
openSUSE Leap 15.1:libmodplug-devel-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libmodplug1-32bit-0.3.17-lp151.2.3.1
openSUSE Leap 15.1:libopenmpt-devel-0.3.17-lp151.2.3.1
Ссылки
- CVE-2019-14383
- SUSE Bug 1143584