You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa soundtouch

Sigurnosni nedostaci programskog paketa soundtouch

openSUSE Security Update: Security update for soundtouch
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3692-1
Rating: important
References: #1103676 #1108630 #1108631 #1108632
Cross-References: CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097
CVE-2018-17098
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for soundtouch fixes the following issues:

– CVE-2018-17098: The WavFileBase class allowed remote attackers to cause
a denial of service (heap corruption from size inconsistency) or
possibly have unspecified other impact, as demonstrated by SoundStretch.
(bsc#1108632)
– CVE-2018-17097: The WavFileBase class allowed remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
– CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a
denial of service (assertion failure and application exit), as
demonstrated by SoundStretch. (bsc#1108630)
– CVE-2018-1000223: soundtouch contained a Buffer Overflow vulnerability
in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result
in arbitrary code execution. This attack appear to be exploitable via
victim must open maliocius file in soundstretch utility. (boo#1103676)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1361=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libSoundTouch0-1.8.0-6.3.1
libSoundTouch0-debuginfo-1.8.0-6.3.1
soundtouch-1.8.0-6.3.1
soundtouch-debuginfo-1.8.0-6.3.1
soundtouch-debugsource-1.8.0-6.3.1
soundtouch-devel-1.8.0-6.3.1

– openSUSE Leap 42.3 (x86_64):

libSoundTouch0-32bit-1.8.0-6.3.1
libSoundTouch0-debuginfo-32bit-1.8.0-6.3.1

References:

https://www.suse.com/security/cve/CVE-2018-1000223.html
https://www.suse.com/security/cve/CVE-2018-17096.html
https://www.suse.com/security/cve/CVE-2018-17097.html
https://www.suse.com/security/cve/CVE-2018-17098.html
https://bugzilla.suse.com/1103676
https://bugzilla.suse.com/1108630
https://bugzilla.suse.com/1108631
https://bugzilla.suse.com/1108632


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for soundtouch
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3691-1
Rating: moderate
References: #1108630 #1108631 #1108632
Cross-References: CVE-2018-17096 CVE-2018-17097 CVE-2018-17098

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for soundtouch fixes the following issues:

– CVE-2018-17098: The WavFileBase class allowed remote attackers to cause
a denial of service (heap corruption from size inconsistency) or
possibly have unspecified other impact, as demonstrated by SoundStretch.
(bsc#1108632)
– CVE-2018-17097: The WavFileBase class allowed remote attackers to cause
a denial of service (double free) or possibly have unspecified other
impact, as demonstrated by SoundStretch. (double free) (bsc#1108631)
– CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a
denial of service (assertion failure and application exit), as
demonstrated by SoundStretch. (bsc#1108630)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1362=1

Package List:

– openSUSE Leap 15.0 (i586 x86_64):

libSoundTouch0-1.8.0-lp150.2.6.1
libSoundTouch0-debuginfo-1.8.0-lp150.2.6.1
soundtouch-1.8.0-lp150.2.6.1
soundtouch-debuginfo-1.8.0-lp150.2.6.1
soundtouch-debugsource-1.8.0-lp150.2.6.1
soundtouch-devel-1.8.0-lp150.2.6.1

– openSUSE Leap 15.0 (x86_64):

libSoundTouch0-32bit-1.8.0-lp150.2.6.1
libSoundTouch0-32bit-debuginfo-1.8.0-lp150.2.6.1

References:

https://www.suse.com/security/cve/CVE-2018-17096.html
https://www.suse.com/security/cve/CVE-2018-17097.html
https://www.suse.com/security/cve/CVE-2018-17098.html
https://bugzilla.suse.com/1108630
https://bugzilla.suse.com/1108631
https://bugzilla.suse.com/1108632


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libarchive

Otkriveni su sigurnosni nedostaci programske biblioteke libarchive za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje...

Close