Fedora 28: 2018-17a97bb25b High: WavPack Out Of Bounds Issues

May 26, 2018
Fedora 28 security update for WavPack that fixes several out-of-bounds write vulnerabilities in its RIFF, Wave64 and DSDIFF header parsers.
Security fix for CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540

Summary

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performance and functionality.

* Tue May 22 2018 Miroslav Lichvar - 5.1.0-8

- Fix for CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540

[ 1 ] Bug #1574719 - CVE-2018-10536 wavpack: out of bounds write in ParseRiffHeaderConfig in riff.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574719

[ 2 ] Bug #1574726 - CVE-2018-10537 wavpack: out of bounds write in ParseWave64HeaderConfig in wave64.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574726

[ 3 ] Bug #1574728 - CVE-2018-10538 wavpack: out of bounds write in ParseRiffHeaderConfig in riff.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574728

[ 4 ] Bug #1574729 - CVE-2018-10539 wavpack: out of bounds write in ParseDsdiffHeaderConfig in dsdiff.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574729

[ 5 ] Bug #1574731 - CVE-2018-10540 wavpack: out of bounds write in ParseWave64HeaderConfig in wave64.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574731

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2018-17a97bb25b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
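
Added example, not part of the Fedora advisory: a POSIX shell check that tells whether installed wavpack builds are at or above the fixed 5.1.0-8.fc28 release named on this page. The function names and the --host switch are this example's own, and the sample build strings are constructed.

```shell
#!/bin/sh
# Fixed wavpack Version-Release shipped by FEDORA-2018-17a97bb25b.
FIXED="5.1.0-8.fc28"

# at_least HAVE WANT: succeed when HAVE sorts at or after WANT.
# Assumption: sort -V approximates RPM ordering for plain numeric
# version-release strings; it is not a full rpmvercmp implementation.
at_least() (
    [ "$1" = "$2" ] && exit 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
)

# classify VERSION-RELEASE: print "fixed" or "vulnerable" for one build.
classify() {
    if at_least "$1" "$FIXED"; then echo fixed; else echo vulnerable; fi
}

# audit_builds: read VERSION-RELEASE strings on stdin (one per installed
# architecture), print a verdict for each, and return 1 if any build
# predates the fix.
audit_builds() (
    rc=0
    while IFS= read -r vr; do
        [ -n "$vr" ] || continue
        verdict=$(classify "$vr")
        echo "wavpack-$vr: $verdict"
        [ "$verdict" = fixed ] || rc=1
    done
    exit $rc
)

# Constructed sample input: one build older than the fix, one fixed build.
SAMPLE='5.1.0-7.fc28
5.1.0-8.fc28'

# Live check: only when asked for, and only where rpm exists.
if [ "${1:-}" = "--host" ] && command -v rpm >/dev/null 2>&1; then
    if rpm -q wavpack >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' wavpack | audit_builds ||
            echo "pending: su -c 'dnf upgrade --advisory FEDORA-2018-17a97bb25b'"
    else
        echo "wavpack is not installed"
    fi
fi
```

Run it with --host on a Fedora 28 system to query the RPM database; without the switch it only defines the functions.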

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2NXF2CRDIR3PAL3CTVE4B7AYNGIPTJN/

Severity: important

Product: Fedora 28
Version: 5.1.0
Release: 8.fc28
Summary: A completely open audiocodec
