You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa soundtouch

Sigurnosni nedostaci programskog paketa soundtouch

——————————————————————————–
Fedora Update Notification
FEDORA-2018-f4f75985b8
2018-08-20 18:41:00.455946
——————————————————————————–

Name : soundtouch
Product : Fedora 28
Version : 2.0.0
Release : 6.fc28
URL : http://www.surina.net/soundtouch/
Summary : Audio Processing library for changing Tempo, Pitch and Playback Rates
Description :
SoundTouch is a LGPL-licensed open-source audio processing library for
changing the Tempo, Pitch and Playback Rates of audio streams or
files. The SoundTouch library is suited for application developers
writing sound processing tools that require tempo/pitch control
functionality, or just for playing around with the sound effects.

The SoundTouch library source kit includes an example utility
SoundStretch which allows processing .wav audio files from a
command-line interface.

——————————————————————————–
Update Information:

Security fix for CVE-2018-14044, CVE-2018-14045 and CVE-2018-1000223
——————————————————————————–
ChangeLog:

* Tue Aug 14 2018 Hans de Goede <hdegoede@redhat.com> – 2.0.0-6
– The last round of security fixes also fixes CVE-2018-14044, CVE-2018-14045
(rhbz#1601618, rhbz#1601620, rhbz#1601624, rhbz#1601625)
* Tue Aug 14 2018 Hans de Goede <hdegoede@redhat.com> – 2.0.0-5
– Security fix for CVE-2018-1000223 (rhbz#1609193, rhbz#1609194)
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> – 2.0.0-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jul 5 2018 Hans de Goede <hdegoede@redhat.com> 2.0.0-3
– Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 (rhbz#1475759)
——————————————————————————–
References:

[ 1 ] Bug #1601624 – CVE-2018-14045 soundtouch: Reachable assertion in FIRFilter.cpp causing denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1601624
[ 2 ] Bug #1601618 – CVE-2018-14044 soundtouch: Reachable assertion in RateTransposer::setChannels() causing denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1601618
[ 3 ] Bug #1609193 – CVE-2018-1000223 soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1609193
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-f4f75985b8’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PA4WRBGUOIUFQNNFWZ5NRQ6K7S63JU6G/

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa mutt

Otkriveni su sigurnosni nedostaci u programskom paketu mutt za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close