Security update for libsndfile
Announcement ID: | SUSE-SU-2018:0352-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves five vulnerabilities can now be installed.
Description:
This update for libsndfile fixes the following issues:
- CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (bsc#1069874).
- CVE-2017-6892: Fixed an out-of-bounds read memory access in the aiff_read_chanmap() (bsc#1043978).
- CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911)
- CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912)
- CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-247=1
-
SUSE Linux Enterprise Desktop 12 SP3
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-247=1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-247=1
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-247=1
-
SUSE Linux Enterprise Software Development Kit 12 SP3
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-247=1
-
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-247=1
-
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-247=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-247=1
-
SUSE Linux Enterprise Server 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-247=1
-
SUSE Linux Enterprise High Performance Computing 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-247=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-247=1
Package List:
-
SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
-
SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
- libsndfile-devel-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
- libsndfile-devel-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (x86_64)
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise Server 12 SP2 (s390x x86_64)
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
-
SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise Server 12 SP3 (s390x x86_64)
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (x86_64)
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
- libsndfile1-1.0.25-36.7.2
- libsndfile1-debuginfo-1.0.25-36.7.2
- libsndfile-debugsource-1.0.25-36.7.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
- libsndfile1-32bit-1.0.25-36.7.2
- libsndfile1-debuginfo-32bit-1.0.25-36.7.2
References:
- https://www.suse.com/security/cve/CVE-2017-14245.html
- https://www.suse.com/security/cve/CVE-2017-14246.html
- https://www.suse.com/security/cve/CVE-2017-14634.html
- https://www.suse.com/security/cve/CVE-2017-16942.html
- https://www.suse.com/security/cve/CVE-2017-6892.html
- https://bugzilla.suse.com/show_bug.cgi?id=1043978
- https://bugzilla.suse.com/show_bug.cgi?id=1059911
- https://bugzilla.suse.com/show_bug.cgi?id=1059912
- https://bugzilla.suse.com/show_bug.cgi?id=1059913
- https://bugzilla.suse.com/show_bug.cgi?id=1069874