Overview

File _patchinfo of Package patchinfo.7698

<patchinfo incident="7698">
  <issue tracker="bnc" id="1071767">VUL-1: CVE-2017-17457: libsndfile: d2ulaw_array() in ulaw.c may lead to a remote DoS attack</issue>
  <issue tracker="bnc" id="1071777">VUL-1: CVE-2017-17456: libsndfile: d2alaw_array() in alaw.c may lead to a remote DoS attack</issue>
  <issue id="1100167" tracker="bnc">VUL-0: CVE-2018-13139: libsndfile: A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact</issue>
  <issue id="2018-13139" tracker="cve" />
  <issue tracker="cve" id="2017-17456"/>
  <issue tracker="cve" id="2017-17457"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>tiwai</packager>
  <description>This update for libsndfile fixes the following issues:

Security issues fixed:

- CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167).
- CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777)
- CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767)
</description>
  <summary>Security update for libsndfile</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places