
openSUSE-SU-2021:0444-1

Published: 18 Mar 2021
Source: suse-cvrf

Description

Security update for libmysofa

This update for libmysofa fixes the following issues:

  • Added security backports:
      • gh#hoene/libmysofa#136 - CVE-2020-36152 - boo#1181977
      • gh#hoene/libmysofa#138 - CVE-2020-36148 - boo#1181981
      • gh#hoene/libmysofa#137 - CVE-2020-36149 - boo#1181980
      • gh#hoene/libmysofa#134 - CVE-2020-36151 - boo#1181978
      • gh#hoene/libmysofa#135 - CVE-2020-36150 - boo#1181979
      • gh#hoene/libmysofa#96 - CVE-2020-6860 - boo#1182883

Update to version 0.9.1

  • Extended angular neighbor search to 'close the sphere'
  • Added and exposed mysofa_getfilter_float_nointerp method
  • Fixed various security issues:
      • CVE-2019-16091 - boo#1149919
      • CVE-2019-16092 - boo#1149920
      • CVE-2019-16093 - boo#1149922
      • CVE-2019-16094 - boo#1149924
      • CVE-2019-16095 - boo#1149926
      • CVE-2019-20016 - boo#1159839
      • CVE-2019-20063 - boo#1160040

Package list

openSUSE Leap 15.2
libmysofa-devel-0.9.1-lp152.3.3.1
libmysofa0-0.9.1-lp152.3.3.1

Description

Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1

Description

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.


Affected products
openSUSE Leap 15.2:libmysofa-devel-0.9.1-lp152.3.3.1
openSUSE Leap 15.2:libmysofa0-0.9.1-lp152.3.3.1
