Overview

File _patchinfo of Package patchinfo.6778

<patchinfo incident="6778">
  <issue id="1036943" tracker="bnc">VUL-1: CVE-2017-8362: libsndfile: invalid memory read in flac_buffer_copy (flac.c)</issue>
  <issue id="1033914" tracker="bnc">VUL-0: CVE-2017-7742: libsndfile: versions before 1.0.28, function flac_buffer_copy() read memory access issue</issue>
  <issue id="1033915" tracker="bnc">VUL-0: CVE-2017-7741: libsndfile: versions before 1.0.28 have write memory access issue on function flac_buffer_copy()</issue>
  <issue id="1036946" tracker="bnc">VUL-0: CVE-2017-8365: libsndfile: global buffer overflow in i2les_array (pcm.c)</issue>
  <issue id="1036944" tracker="bnc">VUL-1: CVE-2017-8361: libsndfile: global buffer overflow in flac_buffer_copy (flac.c)</issue>
  <issue id="1036945" tracker="bnc">VUL-0: CVE-2017-8363: libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c)</issue>
  <issue id="1033054" tracker="bnc">VUL-1: CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: libsndfile: stack-based buffer overflow via a specially crafted FLAC file (error in the "flac_buffer_copy()" function)</issue>
  <issue id="1038856" tracker="bnc">Memory leaks in libsndfile</issue>
  <issue id="2017-8365" tracker="cve" />
  <issue id="2017-8363" tracker="cve" />
  <issue id="2017-8362" tracker="cve" />
  <issue id="2017-8361" tracker="cve" />
  <issue id="2017-7741" tracker="cve" />
  <issue id="2017-7742" tracker="cve" />
  <issue id="2017-7585" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>tiwai</packager>
  <summary>Security update for libsndfile</summary>
  <description>This update for libsndfile fixes the following issues:

- CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946)
- CVE-2017-8362: Invalid memory read in flac_buffer_copy. (bsc#1036943)
- CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945)
- CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially
  crafted FLAC files. (bsc#1033054)

This update was imported from the SUSE:SLE-12:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places