SUSE-SU-2017:0940-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170940-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0940-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0940-1
Related
Published
2017-04-05T12:26:41Z
Modified
2017-04-05T12:26:41Z
Summary
Security update for audiofile
Details

This audiofile update fixes the following issues:

Security issues fixed:

- CVE-2015-7747: Fixed buffer overflow issue when changing both number of channels and sample format. (bsc#949399)
- CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)
- CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980)
- CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981)
- CVE-2017-6830: heap-based buffer overflow in alaw2linearbuf (G711.cpp) (bsc#1026982)
- CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983)
- CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984)
- CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985)
- CVE-2017-6834: heap-based buffer overflow in ulaw2linearbuf (G711.cpp) (bsc#1026986)
- CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988)
- CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987)
- CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978)

References

Affected packages

SUSE:Linux Enterprise Desktop 12 SP1 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "libaudiofile1-32bit": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP2 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "libaudiofile1-32bit": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP1 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "audiofile-devel": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP2 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "audiofile-devel": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "libaudiofile1-32bit": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "libaudiofile1-32bit": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "libaudiofile1-32bit": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / audiofile

Package

Name
audiofile
Purl
pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.6-10.1

Ecosystem specific

{
    "binaries": [
        {
            "libaudiofile1": "0.3.6-10.1",
            "libaudiofile1-32bit": "0.3.6-10.1",
            "audiofile": "0.3.6-10.1"
        }
    ]
}