Updated wavpack packages fix security vulnerabilities
Publication date: 23 Jan 2019Modification date: 23 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6767 , CVE-2018-7253 , CVE-2018-7254 , CVE-2018-10536 , CVE-2018-10537 , CVE-2018-10538 , CVE-2018-10539 , CVE-2018-10540 , CVE-2018-19840 , CVE-2018-19841
Description
Joonun Jang discovered that WavPack incorrectly handled certain RF64
files. An attacker could possibly use this to cause a denial of service
(CVE-2018-6767).
It was discovered that WavPack incorrectly handled certain DSDIFF files.
An attacker could possibly use this to execute arbitrary code or cause a
denial of service (CVE-2018-7253).
It was discovered that WavPack incorrectly handled certain CAF files. An
attacker could possibly use this to cause a denial of service
(CVE-2018-7254).
Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu
discovered that WavPack incorrectly handled certain .wav files. An
attacker could possibly use this to execute arbitrary code or cause a
denial of service (CVE-2018-10536, CVE-2018-10537).
Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu
discovered that WavPack incorrectly handled certain .wav files. An
attacker could possibly use this to cause a denial of service
(CVE-2018-10538, CVE-2018-10539, CVE-2018-10540).
It was discovered that WavPack incorrectly handled certain WAV files. An
attacker could possibly use this issue to cause a denial of service
(CVE-2018-19840, CVE-2018-19841).
References
- https://bugs.mageia.org/show_bug.cgi?id=22588
- https://usn.ubuntu.com/3568-1/
- https://usn.ubuntu.com/3578-1/
- https://usn.ubuntu.com/3637-1/
- https://usn.ubuntu.com/3839-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19840
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19841
SRPMS
6/core
- wavpack-5.1.0-1.1.mga6