aubio-tools-0.4.9-5.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10638 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z aubio-tools-0.4.9-5.3 on GA media These are all security issues fixed in the aubio-tools-0.4.9-5.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10638 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10638 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-17054/ SUSE CVE CVE-2017-17054 page https://www.suse.com/security/cve/CVE-2017-17554/ SUSE CVE CVE-2017-17554 page https://www.suse.com/security/cve/CVE-2018-14522/ SUSE CVE CVE-2018-14522 page openSUSE Tumbleweed aubio-tools-0.4.9-5.3 libaubio-devel-0.4.9-5.3 libaubio5-0.4.9-5.3 libaubio5-32bit-0.4.9-5.3 aubio-tools-0.4.9-5.3 as a component of openSUSE Tumbleweed libaubio-devel-0.4.9-5.3 as a component of openSUSE Tumbleweed libaubio5-0.4.9-5.3 as a component of openSUSE Tumbleweed libaubio5-32bit-0.4.9-5.3 as a component of openSUSE Tumbleweed In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. CVE-2017-17054 openSUSE Tumbleweed:aubio-tools-0.4.9-5.3 openSUSE Tumbleweed:libaubio-devel-0.4.9-5.3 openSUSE Tumbleweed:libaubio5-0.4.9-5.3 openSUSE Tumbleweed:libaubio5-32bit-0.4.9-5.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-17054.html CVE-2017-17054 https://bugzilla.suse.com/1070399 SUSE Bug 1070399 A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. CVE-2017-17554 openSUSE Tumbleweed:aubio-tools-0.4.9-5.3 openSUSE Tumbleweed:libaubio-devel-0.4.9-5.3 openSUSE Tumbleweed:libaubio5-0.4.9-5.3 openSUSE Tumbleweed:libaubio5-32bit-0.4.9-5.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-17554.html CVE-2017-17554 https://bugzilla.suse.com/1072317 SUSE Bug 1072317 https://bugzilla.suse.com/1102352 SUSE Bug 1102352 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. CVE-2018-14522 openSUSE Tumbleweed:aubio-tools-0.4.9-5.3 openSUSE Tumbleweed:libaubio-devel-0.4.9-5.3 openSUSE Tumbleweed:libaubio5-0.4.9-5.3 openSUSE Tumbleweed:libaubio5-32bit-0.4.9-5.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14522.html CVE-2018-14522 https://bugzilla.suse.com/1102359 SUSE Bug 1102359