Fedora 29: 2018-3058a87e60 Moderate: Audiofile DoS and Buffer Overflow

The Audio File library is an implementation of the Audio File Library

from SGI, which provides an API for accessing audio file formats like

AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. This library is used

by the EsounD daemon.

Install audiofile if you are installing EsounD or you need an API for

any of the sound file formats it can handle.

Fixes for CVE-2018-13440 and CVE-2018-17095.

* Tue Oct 9 2018 Gwyn Ciesla - 1:0.3.6-21

- Fixes for CVE-2018-13440.

* Tue Oct 9 2018 Gwyn Ciesla - 1:0.3.6-20

- Fix for CVE-2018-17095.

[ 1 ] Bug #1600368 - CVE-2018-13440 audiofile: NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup() allows for denial of service via crafted file [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1600368

[ 2 ] Bug #1631089 - CVE-2018-17095 audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1631089

su -c 'dnf upgrade --advisory FEDORA-2018-3058a87e60' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/