Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 29 WavPack: 2019-29b87bc56 Critical: Buffer Overflow Detected

fedora
Calendar Grey May 26, 2018
Dist Fedora Esm H88
The recent WavPack patch for Fedora resolves several security vulnerabilities ranging from CVE-2018-10536 through CVE-2018-10540. Implement the update immediately.
Security fix for CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540

Summary

WavPack is a completely open audio compression format providing lossless,

high-quality lossy, and a unique hybrid compression mode. Although the

technology is loosely based on previous versions of WavPack, the new

version 4 format has been designed from the ground up to offer unparalleled

performance and functionality.

Security fix for CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539

CVE-2018-10540

* Tue May 22 2018 Miroslav Lichvar - 5.1.0-8

- Fix for CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539,

CVE-2018-10540

[ 1 ] Bug #1574719 - CVE-2018-10536 wavpack: out of bounds write in ParseRiffHeaderConfig in riff.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574719

[ 2 ] Bug #1574726 - CVE-2018-10537 wavpack: out of bounds write in ParseWave64HeaderConfig in wave64.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574726

[ 3 ] Bug #1574728 - CVE-2018-10538 wavpack: out of bounds write in ParseRiffHeaderConfig in riff.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574728

[ 4 ] Bug #1574729 - CVE-2018-10539 wavpack: out of bounds write in ParseDsdiffHeaderConfig in dsdiff.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574729

[ 5 ] Bug #1574731 - CVE-2018-10540 wavpack: out of bounds write in ParseWave64HeaderConfig in wave64.c

https://bugzilla.redhat.com/show_bug.cgi?id=1574731

su -c 'dnf upgrade --advisory FEDORA-2018-17a97bb25b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2NXF2CRDIR3PAL3CTVE4B7AYNGIPTJN/

Topics%20covered

Topics Covered

security advisory security issue fedora critical software update out of bounds write wavpack

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 5.1.0
Release: 8.fc28
URL: https://www.wavpack.com/
Summary: A completely open audiocodec

Topics%20covered

Topics Covered

security advisory security issue fedora critical software update out of bounds write wavpack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here