SUSE-SU-2017:1367-1

Details

Description of the patch:

This update for libsndfile fixes the following issues:

CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946)
CVE-2017-8362: Invalid memory read in flac_buffer_copy. (bsc#1036943)
CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945)
CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially crafted FLAC files. (bsc#1033054)

Affected Packages

libsndfile1

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

Fixed in:

1.0.25-35.1

libsndfile1-32bit

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Server 12 SP1SUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server for SAP Applications 12 SP1

Fixed in:

1.0.25-35.1

libsndfile-devel

SUSE Linux Enterprise Software Development Kit 12 SP1SUSE Linux Enterprise Software Development Kit 12 SP2

Fixed in:

1.0.25-35.1

References