openSUSE-SU-2022:0052-1

Опубликовано: 11 янв. 2022

Источник: suse-cvrf

Описание

Security update for libsndfile

This update for libsndfile fixes the following issues:

CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006).

Список пакетов

openSUSE Leap 15.3

libsndfile-devel-1.0.28-5.15.1

libsndfile-progs-1.0.28-5.15.1

libsndfile1-1.0.28-5.15.1

libsndfile1-32bit-1.0.28-5.15.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAZJOOODJLFD53X2AQIEWTT3MS53WDSD/
E-Mail link for openSUSE-SU-2022:0052-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194006
SUSE Bug 1194006
https://www.suse.com/security/cve/CVE-2021-4156/
SUSE CVE CVE-2021-4156 page

Описание

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws.

Затронутые продукты

openSUSE Leap 15.3:libsndfile-devel-1.0.28-5.15.1

openSUSE Leap 15.3:libsndfile-progs-1.0.28-5.15.1

openSUSE Leap 15.3:libsndfile1-1.0.28-5.15.1

openSUSE Leap 15.3:libsndfile1-32bit-1.0.28-5.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-4156.html
CVE-2021-4156
https://bugzilla.suse.com/1194006
SUSE Bug 1194006

openSUSE-SU-2022:0052-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-4156

Описание

Затронутые продукты

Ссылки