Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE Leap 15.2: openSUSE-SU-2021:0153-1 Moderate Wavpack Fix

opensuse
Calendar Grey January 24, 2021
Dist Opensuse Esm H88
Strengthen your system's security by addressing the 13 identified vulnerabilities in wavpack for openSUSE. Make sure to apply the latest updates
An update that fixes 13 vulnerabilities is now available

Description

This update for wavpack fixes the following issues:

- Update to version 5.4.0

* CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples

(bsc#1180414)

* fixed: disable A32 asm code when building for Apple silicon

* fixed: issues with Adobe-style floating-point WAV files

* added: --normalize-floats option to wvunpack for correctly exporting

un-normalized floating-point files

- Update to version 5.3.0

* fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448

* fixed: trailing garbage characters on imported ID3v2 TXXX tags

* fixed: various minor undefined behavior and memory access issues

* fixed: sanitize tag extraction names for length and path inclusion

* improved: reformat wvunpack "help" and split into long + short versions

* added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0

*fixed: potential security issues including the following CVEs:

CVE-2018-19840,...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate software update moderate severity software fix update instructions openSUSE patch instructions wavpack

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-153=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

libwavpack1-5.4.0-lp152.7.3.1

libwavpack1-debuginfo-5.4.0-lp152.7.3.1

wavpack-5.4.0-lp152.7.3.1

wavpack-debuginfo-5.4.0-lp152.7.3.1

wavpack-debugsource-5.4.0-lp152.7.3.1

wavpack-devel-5.4.0-lp152.7.3.1

- openSUSE Leap 15.2 (x86_64):

libwavpack1-32bit-5.4.0-lp152.7.3.1

libwavpack1-32bit-debuginfo-5.4.0-lp152.7.3.1

References

https://www.suse.com/security/cve/CVE-2018-10536.html

https://www.suse.com/security/cve/CVE-2018-10537.html

https://www.suse.com/security/cve/CVE-2018-10538.html

https://www.suse.com/security/cve/CVE-2018-10539.html

https://www.suse.com/security/cve/CVE-2018-10540.html

https://www.suse.com/security/cve/CVE-2018-19840.html

https://www.suse.com/security/cve/CVE-2018-19841.html

https://www.suse.com/security/cve/CVE-2018-6767.html

https://www.suse.com/security/cve/CVE-2018-7253.html

https://www.suse.com/security/cve/CVE-2018-7254.html

https://www.suse.com/security/cve/CVE-2019-1010319.html

https://www.suse.com/security/cve/CVE-2019-11498.html

https://www.suse.com/security/cve/CVE-2020-35738.html

https://bugzilla.suse.com/1091340

https://bugzilla.suse.com/1091341

https://bugzilla.suse.com/1091342

https://bugzilla.suse.com/1091343

https://bugzilla.suse.com/1091344

https://bugzilla.suse.com/1180414

Announcement ID: openSUSE-SU-2021:0153-1
Rating: moderate
Affected Products: openSUSE Leap 15.2 .

Topics%20covered

Topics Covered

security advisory moderate software update moderate severity software fix update instructions openSUSE patch instructions wavpack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here