What Are You Looking For?

Sign Up
MGASA-2018-0385 - Updated soundtouch packages fix security vulnerability

Publication date: 21 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0385.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-14044,
     CVE-2018-14045,
     CVE-2018-1000223

Updated soundtouch package fixes security vulnerabilities:
- Reachable assertion in FIRFilter.cpp causing denial of service
  (CVE-2018-14045).
- Reachable assertion in RateTransposer::setChannels() causing denial of
  service (CVE-2018-14044).
- Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock()
  potentially leading to code execution (CVE-2018-1000223).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23500
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PA4WRBGUOIUFQNNFWZ5NRQ6K7S63JU6G/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223

SRPMS:
- 6/core/soundtouch-1.9.2-2.2.mga6

Mageia 2018-0385: soundtouch security update

Updated soundtouch package fixes security vulnerabilities: - Reachable assertion in FIRFilter.cpp causing denial of service (CVE-2018-14045)

Summary

Updated soundtouch package fixes security vulnerabilities: - Reachable assertion in FIRFilter.cpp causing denial of service (CVE-2018-14045). - Reachable assertion in RateTransposer::setChannels() causing denial of service (CVE-2018-14044). - Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution (CVE-2018-1000223).

References

- https://bugs.mageia.org/show_bug.cgi?id=23500

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PA4WRBGUOIUFQNNFWZ5NRQ6K7S63JU6G/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223

Resolution

MGASA-2018-0385 - Updated soundtouch packages fix security vulnerability

SRPMS

- 6/core/soundtouch-1.9.2-2.2.mga6

Severity
Publication date: 21 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0385.html
Type: security
CVE: CVE-2018-14044, CVE-2018-14045, CVE-2018-1000223

Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo