Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE: 2021:0186-1 Moderate: Wavpack Multiple Issues Security Advisory

suse
Calendar Grey January 21, 2021
Dist Suse Esm H88
Patch addresses several security flaws in WAVPack. Utilize Zypper or YaST for seamless installation and safeguard against potential risks.
An update that fixes 13 vulnerabilities is now available

Summary

This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files - Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack "help" and split into long + short versions

References

#1091340 #1091341 #1091342 #1091343 #1091344

#1180414

Cross- CVE-2018-10536 CVE-2018-10537 CVE-2018-10538

CVE-2018-10539 CVE-2018-10540 CVE-2018-19840

CVE-2018-19841 CVE-2018-6767 CVE-2018-7253

CVE-2018-7254 CVE-2019-1010319 CVE-2019-11498

CVE-2020-35738

Affected Products:

SUSE Manager Server 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Proxy 4.0

SUSE Linux Enterprise Server for SAP 15-SP1

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-SP1-LTSS

SUSE Linux Enterprise Server 15-SP1-BCL

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Desktop Applications 15-SP3

SUSE Linux Enterprise Module for Desktop Applications 15-SP2

...

Read the Full Advisory

Announcement ID: SUSE-SU-2021:0186-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.