libsndfile-devel-1.0.26-2.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10148-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsndfile-devel-1.0.26-2.4 on GA media These are all security issues fixed in the libsndfile-devel-1.0.26-2.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10148 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-0186/ SUSE CVE CVE-2009-0186 page https://www.suse.com/security/cve/CVE-2011-2696/ SUSE CVE CVE-2011-2696 page https://www.suse.com/security/cve/CVE-2014-9496/ SUSE CVE CVE-2014-9496 page https://www.suse.com/security/cve/CVE-2014-9756/ SUSE CVE CVE-2014-9756 page https://www.suse.com/security/cve/CVE-2015-7805/ SUSE CVE CVE-2015-7805 page https://www.suse.com/security/cve/CVE-2015-8075/ SUSE CVE CVE-2015-8075 page openSUSE Tumbleweed libsndfile-devel-1.0.26-2.4 libsndfile1-1.0.26-2.4 libsndfile1-32bit-1.0.26-2.4 libsndfile-devel-1.0.26-2.4 as a component of openSUSE Tumbleweed libsndfile1-1.0.26-2.4 as a component of openSUSE Tumbleweed libsndfile1-32bit-1.0.26-2.4 as a component of openSUSE Tumbleweed Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. CVE-2009-0186 openSUSE Tumbleweed:libsndfile-devel-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-32bit-1.0.26-2.4 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0186.html CVE-2009-0186 https://bugzilla.suse.com/481769 SUSE Bug 481769 Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. CVE-2011-2696 openSUSE Tumbleweed:libsndfile-devel-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-32bit-1.0.26-2.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2696.html CVE-2011-2696 https://bugzilla.suse.com/705681 SUSE Bug 705681 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. CVE-2014-9496 openSUSE Tumbleweed:libsndfile-devel-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-32bit-1.0.26-2.4 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9496.html CVE-2014-9496 https://bugzilla.suse.com/911796 SUSE Bug 911796 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. CVE-2014-9756 openSUSE Tumbleweed:libsndfile-devel-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-32bit-1.0.26-2.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9756.html CVE-2014-9756 https://bugzilla.suse.com/953516 SUSE Bug 953516 https://bugzilla.suse.com/953519 SUSE Bug 953519 https://bugzilla.suse.com/953521 SUSE Bug 953521 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. CVE-2015-7805 openSUSE Tumbleweed:libsndfile-devel-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-32bit-1.0.26-2.4 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7805.html CVE-2015-7805 https://bugzilla.suse.com/953516 SUSE Bug 953516 https://bugzilla.suse.com/953519 SUSE Bug 953519 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2015-8075 openSUSE Tumbleweed:libsndfile-devel-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-1.0.26-2.4 openSUSE Tumbleweed:libsndfile1-32bit-1.0.26-2.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8075.html CVE-2015-8075 https://bugzilla.suse.com/953516 SUSE Bug 953516 https://bugzilla.suse.com/953519 SUSE Bug 953519