The alsa-lib is a library to interface with ALSA in the Linux kernel and virtual devices using a plugin system. More detail: https://alsa.opensrc.org/Alsa-lib
Security Fix(es):
The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parsedef() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef() fails to check return values before continuing, causing sndconfigdelete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read.(CVE-2026-56109)
{
"severity": "Medium"
}{
"x86_64": [
"alsa-lib-1.2.10-5.oe2403sp1.x86_64.rpm",
"alsa-lib-debuginfo-1.2.10-5.oe2403sp1.x86_64.rpm",
"alsa-lib-debugsource-1.2.10-5.oe2403sp1.x86_64.rpm",
"alsa-lib-devel-1.2.10-5.oe2403sp1.x86_64.rpm"
],
"aarch64": [
"alsa-lib-1.2.10-5.oe2403sp1.aarch64.rpm",
"alsa-lib-debuginfo-1.2.10-5.oe2403sp1.aarch64.rpm",
"alsa-lib-debugsource-1.2.10-5.oe2403sp1.aarch64.rpm",
"alsa-lib-devel-1.2.10-5.oe2403sp1.aarch64.rpm"
],
"noarch": [
"alsa-topology-1.2.10-5.oe2403sp1.noarch.rpm",
"alsa-ucm-1.2.10-5.oe2403sp1.noarch.rpm"
],
"src": [
"alsa-lib-1.2.10-5.oe2403sp1.src.rpm"
]
}