Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 28: FEDORA-2019-b12c4a123d High: libexample Security Flaw

fedora
Calendar Grey October 18, 2018
Dist Fedora Esm H88
Essential revisions for Fedora 27 tackling significant security flaws in the audiofile library which impact various audio formats.
Fixes for CVE-2018-13440 and CVE-2018-17095.

Summary

The Audio File library is an implementation of the Audio File Library

from SGI, which provides an API for accessing audio file formats like

AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. This library is used

by the EsounD daemon.

Install audiofile if you are installing EsounD or you need an API for

any of the sound file formats it can handle.

Fixes for CVE-2018-13440 and CVE-2018-17095.

* Tue Oct 9 2018 Gwyn Ciesla - 1:0.3.6-21

- Fixes for CVE-2018-13440.

* Tue Oct 9 2018 Gwyn Ciesla - 1:0.3.6-20

- Fix for CVE-2018-17095.

* Mon Aug 13 2018 Leigh Scott - 1:0.3.6-19

- Fix build

* Thu Jul 12 2018 Fedora Release Engineering - 1:0.3.6-18

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Feb 9 2018 Igor Gnatenko - 1:0.3.6-17

- Escape macros in %changelog

* Wed Feb 7 2018 Fedora Release Engineering - 1:0.3.6-16

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[ 1 ] Bug #1600368 - CVE-2018-13440 audiofile: NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup() allows for denial of service via crafted file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1600368

[ 2 ] Bug #1631089 - CVE-2018-17095 audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1631089

su -c 'dnf upgrade --advisory FEDORA-2018-b967b5592e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora moderate severity Denial of Service audiofile

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 0.3.6
Release: 21.fc27
URL: https://audiofile.68k.org/
Summary: Library for accessing various audio file formats

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora moderate severity Denial of Service audiofile

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here