Updated libsndfile packages fix security vulnerabilities
Publication date: 12 Aug 2018Modification date: 12 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-17456 , CVE-2017-17457 , CVE-2018-13139
Description
Updated libsndfile package fixes security vulnerabilities:
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (CVE-2017-17456).
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (CVE-2017-17457).
A stack-based buffer overflow in psf_memset in common.c in libsndfile
1.0.28 allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted audio file
(CVE-2018-13139).
References
- https://bugs.mageia.org/show_bug.cgi?id=23382
- http://lists.suse.com/pipermail/sle-security-updates/2018-July/004311.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17456
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17457
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13139
SRPMS
6/core
- libsndfile-1.0.28-3.3.mga6