Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE: 2018:3606-2 Moderate: SoundTouch Denial of Service Issues

suse
Calendar Grey December 10, 2018
Dist Suse Esm H88
An important patch has been released for SUSE addressing several moderate vulnerabilities in soundtouch across different distributions. Ensure you upgrade immediately!
An update that fixes three vulnerabilities is now available

Summary

This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

References

#1108630 #1108631 #1108632

Cross- CVE-2018-17096 CVE-2018-17097 CVE-2018-17098

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP4

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-17096.html

https://www.suse.com/security/cve/CVE-2018-17097.html

https://www.suse.com/security/cve/CVE-2018-17098.html

https://bugzilla.suse.com/1108630

https://bugzilla.suse.com/1108631

https://bugzilla.suse.com/1108632

Announcement ID: SUSE-SU-2018:3606-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here