Security update for libsndfile
This update for libsndfile fixes the following issues:
- CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946)
- CVE-2017-8362: Invalid memory read in flac_buffer_copy. (bsc#1036943)
- CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945)
- CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially
crafted FLAC files. (bsc#1033054)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Takashi Iwai (tiwai)
Fixed bugs
bnc#1036943
VUL-1: CVE-2017-8362: libsndfile: invalid memory read in flac_buffer_copy (flac.c)
bnc#1033914
VUL-0: CVE-2017-7742: libsndfile: versions before 1.0.28, function flac_buffer_copy() read memory access issue
bnc#1033915
VUL-0: CVE-2017-7741: libsndfile: versions before 1.0.28 have write memory access issue on function flac_buffer_copy()
bnc#1036946
VUL-0: CVE-2017-8365: libsndfile: global buffer overflow in i2les_array (pcm.c)
bnc#1036944
VUL-1: CVE-2017-8361: libsndfile: global buffer overflow in flac_buffer_copy (flac.c)
bnc#1036945
VUL-0: CVE-2017-8363: libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c)
bnc#1033054
VUL-1: CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: libsndfile: stack-based buffer overflow via a specially crafted FLAC file (error in the "flac_buffer_copy()" function)
bnc#1038856
Memory leaks in libsndfile
