Updated wavpack packages fix security vulnerabilities
Publication date: 31 Aug 2019Modification date: 31 Aug 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-11498 , CVE-2019-1010315 , CVE-2019-1010317 , CVE-2019-1010318 , CVE-2019-1010319
Description
Updated wavpack packages fixes security vulnerabilities:
It was discovered that WavPack incorrectly handled certain DFF files.
An attacker could possibly use this issue to cause a denial of service
(CVE-2019-11498).
Rohan Padhye discovered that WavPack incorrectly handled certain WAV files.
An attacker could possibly use this issue to cause a denial of service
(CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010318, CVE-2019-1010319).
References
- https://bugs.mageia.org/show_bug.cgi?id=25265
- https://usn.ubuntu.com/3960-1/
- https://usn.ubuntu.com/4062-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11498
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010315
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010318
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010319
SRPMS
6/core
- wavpack-5.1.0-1.2.mga6