Security update for espeak-ng SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2632-1 Final 1 1 2024-07-30T07:13:18Z current 2024-07-30T07:13:18Z 2024-07-30T07:13:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for espeak-ng This update for espeak-ng fixes the following issues: - CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c (bsc#1218010) - CVE-2023-49991: Fixed stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c (bsc#1218006) - CVE-2023-49992: Fixed stack-buffer-overflow exists in the function RemoveEnding in dictionary.c (bsc#1218007) - CVE-2023-49993: Fixed buffer overflow in ReadClause function at readclause.c (bsc#1218008) - CVE-2023-49994: Fixed floating point exception in PeaksToHarmspect at wavegen.c (bsc#1218009) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2632,SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-2632,SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2632,openSUSE-SLE-15.5-2024-2632,openSUSE-SLE-15.6-2024-2632 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242632-1/ Link for SUSE-SU-2024:2632-1 https://lists.suse.com/pipermail/sle-security-updates/2024-July/019042.html E-Mail link for SUSE-SU-2024:2632-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1218006 SUSE Bug 1218006 https://bugzilla.suse.com/1218007 SUSE Bug 1218007 https://bugzilla.suse.com/1218008 SUSE Bug 1218008 https://bugzilla.suse.com/1218009 SUSE Bug 1218009 https://bugzilla.suse.com/1218010 SUSE Bug 1218010 https://www.suse.com/security/cve/CVE-2023-49990/ SUSE CVE CVE-2023-49990 page https://www.suse.com/security/cve/CVE-2023-49991/ SUSE CVE CVE-2023-49991 page https://www.suse.com/security/cve/CVE-2023-49992/ SUSE CVE CVE-2023-49992 page https://www.suse.com/security/cve/CVE-2023-49993/ SUSE CVE CVE-2023-49993 page https://www.suse.com/security/cve/CVE-2023-49994/ SUSE CVE CVE-2023-49994 page SUSE Linux Enterprise Module for Desktop Applications 15 SP5 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 espeak-ng-1.50-150300.3.3.1 espeak-ng-compat-1.50-150300.3.3.1 espeak-ng-compat-devel-1.50-150300.3.3.1 espeak-ng-devel-1.50-150300.3.3.1 libespeak-ng1-1.50-150300.3.3.1 espeak-ng-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 espeak-ng-compat-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 espeak-ng-compat-devel-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 espeak-ng-devel-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 libespeak-ng1-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP5 espeak-ng-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 espeak-ng-compat-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 espeak-ng-compat-devel-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 espeak-ng-devel-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 libespeak-ng1-1.50-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 espeak-ng-1.50-150300.3.3.1 as a component of openSUSE Leap 15.5 espeak-ng-compat-1.50-150300.3.3.1 as a component of openSUSE Leap 15.5 espeak-ng-compat-devel-1.50-150300.3.3.1 as a component of openSUSE Leap 15.5 espeak-ng-devel-1.50-150300.3.3.1 as a component of openSUSE Leap 15.5 libespeak-ng1-1.50-150300.3.3.1 as a component of openSUSE Leap 15.5 espeak-ng-1.50-150300.3.3.1 as a component of openSUSE Leap 15.6 espeak-ng-compat-1.50-150300.3.3.1 as a component of openSUSE Leap 15.6 espeak-ng-compat-devel-1.50-150300.3.3.1 as a component of openSUSE Leap 15.6 espeak-ng-devel-1.50-150300.3.3.1 as a component of openSUSE Leap 15.6 libespeak-ng1-1.50-150300.3.3.1 as a component of openSUSE Leap 15.6 Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. CVE-2023-49990 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libespeak-ng1-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:libespeak-ng1-1.50-150300.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242632-1/ https://www.suse.com/security/cve/CVE-2023-49990.html CVE-2023-49990 https://bugzilla.suse.com/1218010 SUSE Bug 1218010 Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. CVE-2023-49991 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libespeak-ng1-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:libespeak-ng1-1.50-150300.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242632-1/ https://www.suse.com/security/cve/CVE-2023-49991.html CVE-2023-49991 https://bugzilla.suse.com/1218006 SUSE Bug 1218006 Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. CVE-2023-49992 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libespeak-ng1-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:libespeak-ng1-1.50-150300.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242632-1/ https://www.suse.com/security/cve/CVE-2023-49992.html CVE-2023-49992 https://bugzilla.suse.com/1218007 SUSE Bug 1218007 Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c. CVE-2023-49993 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libespeak-ng1-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:libespeak-ng1-1.50-150300.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242632-1/ https://www.suse.com/security/cve/CVE-2023-49993.html CVE-2023-49993 https://bugzilla.suse.com/1218008 SUSE Bug 1218008 Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. CVE-2023-49994 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libespeak-ng1-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-compat-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:espeak-ng-devel-1.50-150300.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.5:libespeak-ng1-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-compat-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:espeak-ng-devel-1.50-150300.3.3.1 openSUSE Leap 15.6:libespeak-ng1-1.50-150300.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242632-1/ https://www.suse.com/security/cve/CVE-2023-49994.html CVE-2023-49994 https://bugzilla.suse.com/1218009 SUSE Bug 1218009