Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE Leap 15.2: openSUSE-SU-2021:0153-1 Moderate Wavpack Fix

opensuse
Calendar Grey January 24, 2021
Dist Opensuse Esm H88
openSUSE Security Update: Security update for wavpack ______________________________________________
An update that fixes 13 vulnerabilities is now available

Description

This update for wavpack fixes the following issues:

- Update to version 5.4.0

* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples

(bsc#1180414)

* fixed: disable A32 asm code when building for Apple silicon

* fixed: issues with Adobe-style floating-point WAV files

* added: --normalize-floats option to wvunpack for correctly exporting

un-normalized floating-point files

- Update to version 5.3.0

* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448

* fixed: trailing garbage characters on imported ID3v2 TXXX tags

* fixed: various minor undefined behavior and memory access issues

* fixed: sanitize tag extraction names for length and path inclusion

* improved: reformat wvunpack "help" and split into long + short versions

* added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0

*fixed: potential security issues including the following CVEs:

CVE-2018-19840,...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-153=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

libwavpack1-5.4.0-lp152.7.3.1

libwavpack1-debuginfo-5.4.0-lp152.7.3.1

wavpack-5.4.0-lp152.7.3.1

wavpack-debuginfo-5.4.0-lp152.7.3.1

wavpack-debugsource-5.4.0-lp152.7.3.1

wavpack-devel-5.4.0-lp152.7.3.1

- openSUSE Leap 15.2 (x86_64):

libwavpack1-32bit-5.4.0-lp152.7.3.1

libwavpack1-32bit-debuginfo-5.4.0-lp152.7.3.1

References

https://www.suse.com/security/cve/CVE-2018-10536.html

https://www.suse.com/security/cve/CVE-2018-10537.html

https://www.suse.com/security/cve/CVE-2018-10538.html

https://www.suse.com/security/cve/CVE-2018-10539.html

https://www.suse.com/security/cve/CVE-2018-10540.html

https://www.suse.com/security/cve/CVE-2018-19840.html

https://www.suse.com/security/cve/CVE-2018-19841.html

https://www.suse.com/security/cve/CVE-2018-6767.html

https://www.suse.com/security/cve/CVE-2018-7253.html

https://www.suse.com/security/cve/CVE-2018-7254.html

https://www.suse.com/security/cve/CVE-2019-1010319.html

https://www.suse.com/security/cve/CVE-2019-11498.html

https://www.suse.com/security/cve/CVE-2020-35738.html

https://bugzilla.suse.com/1091340

https://bugzilla.suse.com/1091341

https://bugzilla.suse.com/1091342

https://bugzilla.suse.com/1091343

https://bugzilla.suse.com/1091344

https://bugzilla.suse.com/1180414

Announcement ID: openSUSE-SU-2021:0153-1
Rating: moderate
Affected Products: openSUSE Leap 15.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here