# Security update for taglib

Announcement ID: SUSE-SU-2025:4501-1
Release Date: 2025-12-19T17:00:38Z
Rating: low

References:

* bsc#1243499

Cross-References:

* CVE-2023-47466

CVSS scores:

* CVE-2023-47466 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-47466 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-47466 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47466 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for taglib fixes the following issues:

* CVE-2023-47466: application crash when processing specially crafted WAV files during tag writing operations (bsc#1243499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-4501=1 openSUSE-SLE-15.6-2025-4501=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4501=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4501=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4501=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * taglib-debugsource-1.13.1-150600.3.3.1
  * libtag_c0-1.13.1-150600.3.3.1
  * libtag1-debuginfo-1.13.1-150600.3.3.1
  * libtag_c0-debuginfo-1.13.1-150600.3.3.1
  * taglib-1.13.1-150600.3.3.1
  * libtag-devel-1.13.1-150600.3.3.1
  * taglib-debuginfo-1.13.1-150600.3.3.1
  * libtag1-1.13.1-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
  * libtag1-32bit-1.13.1-150600.3.3.1
  * libtag_c0-32bit-1.13.1-150600.3.3.1
  * libtag1-32bit-debuginfo-1.13.1-150600.3.3.1
  * libtag_c0-32bit-debuginfo-1.13.1-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
  * libtag-doc-1.13.1-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libtag_c0-64bit-1.13.1-150600.3.3.1
  * libtag_c0-64bit-debuginfo-1.13.1-150600.3.3.1
  * libtag1-64bit-1.13.1-150600.3.3.1
  * libtag1-64bit-debuginfo-1.13.1-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * taglib-debugsource-1.13.1-150600.3.3.1
  * libtag1-debuginfo-1.13.1-150600.3.3.1
  * libtag1-1.13.1-150600.3.3.1
  * taglib-debuginfo-1.13.1-150600.3.3.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * taglib-debugsource-1.13.1-150600.3.3.1
  * libtag_c0-1.13.1-150600.3.3.1
  * libtag-devel-1.13.1-150600.3.3.1
  * taglib-debuginfo-1.13.1-150600.3.3.1
  * libtag_c0-debuginfo-1.13.1-150600.3.3.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * taglib-debugsource-1.13.1-150600.3.3.1
  * taglib-debuginfo-1.13.1-150600.3.3.1
  * taglib-1.13.1-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-47466.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243499

Update resolves a crash vulnerability in Taglib for SUSE systems. Installation is recommended for affected systems.
Security Update, SUSE, Taglib, Application Crash, Cybersecurity.
Severity: Low.
LinuxSecurity.com Team

Several problems were corrected in TagLib, a library for reading and editing audio meta data. CVE-2017-12678.

Debian LTS Advisory DLA-2772-1

SUSE Security Update: Security update for taglib
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2968-1
Rating: low
References: #1096180
Cross-References: CVE-2018-11439
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for taglib fixes the following issues:

- CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2968=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2968=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2968=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    libtag1-32bit-1.9.1-3.4.18
    libtag1-debuginfo-32bit-1.9.1-3.4.18
    libtag_c0-32bit-1.9.1-3.4.18
    libtag_c0-debuginfo-32bit-1.9.1-3.4.18
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    libtag-devel-1.9.1-3.4.18
    taglib-debuginfo-1.9.1-3.4.18
    taglib-debugsource-1.9.1-3.4.18
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libtag1-1.9.1-3.4.18
    libtag1-debuginfo-1.9.1-3.4.18
    libtag_c0-1.9.1-3.4.18
    libtag_c0-debuginfo-1.9.1-3.4.18
    taglib-1.9.1-3.4.18
    taglib-debuginfo-1.9.1-3.4.18
    taglib-debugsource-1.9.1-3.4.18

References:

    https://www.suse.com/security/cve/CVE-2018-11439.html
    https://bugzilla.suse.com/1096180

SUSE Security Patch for TagLib resolves potential information leakage issue marked as low severity.
SUSE Security Update, TagLib Security Fix, Information Disclosure, Remote Attack, Low Severity Advisory.
Severity: Low.
LinuxSecurity.com Team

Synopsis: Low: taglib security update
Advisory ID: SLSA-2020:1175-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-11439
--

* taglib: heap-based buffer over-read via a crafted audio file
--

SL7
  x86_64
    taglib-1.8-8.20130218git.el7.x86_64.rpm
    taglib-1.8-8.20130218git.el7.i686.rpm
    taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
    taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm
    taglib-devel-1.8-8.20130218git.el7.i686.rpm
    taglib-devel-1.8-8.20130218git.el7.x86_64.rpm
  noarch
    taglib-doc-1.8-8.20130218git.el7.noarch.rpm

- Scientific Linux Development Team

Critical: taglib vulnerability patch for Scientific Linux SL7 correcting buffer overflow issues triggered by specially designed audio files.
taglib update, SL7 security, audio file exploit.
Severity: Low.
LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis: Low: taglib security update
Advisory ID: RHSA-2020:1175-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1175
Issue date: 2020-03-31
CVE Names: CVE-2018-11439
====================================================================

1. Summary:

An update for taglib is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

TagLib is a library for reading and editing the meta-data of different audio formats.

Security Fix(es):

* taglib: heap-based buffer over-read via a crafted audio file (CVE-2018-11439)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1584868 - CVE-2018-11439 taglib: heap-based buffer over-read via a crafted audio file

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
taglib-1.8-8.20130218git.el7.src.rpm

x86_64:
taglib-1.8-8.20130218git.el7.i686.rpm
taglib-1.8-8.20130218git.el7.x86_64.rpm
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
taglib-doc-1.8-8.20130218git.el7.noarch.rpm

x86_64:
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm
taglib-devel-1.8-8.20130218git.el7.i686.rpm
taglib-devel-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
taglib-1.8-8.20130218git.el7.src.rpm

x86_64:
taglib-1.8-8.20130218git.el7.i686.rpm
taglib-1.8-8.20130218git.el7.x86_64.rpm
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
taglib-doc-1.8-8.20130218git.el7.noarch.rpm

x86_64:
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm
taglib-devel-1.8-8.20130218git.el7.i686.rpm
taglib-devel-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
taglib-1.8-8.20130218git.el7.src.rpm

ppc64:
taglib-1.8-8.20130218git.el7.ppc.rpm
taglib-1.8-8.20130218git.el7.ppc64.rpm
taglib-debuginfo-1.8-8.20130218git.el7.ppc.rpm
taglib-debuginfo-1.8-8.20130218git.el7.ppc64.rpm

ppc64le:
taglib-1.8-8.20130218git.el7.ppc64le.rpm
taglib-debuginfo-1.8-8.20130218git.el7.ppc64le.rpm

s390x:
taglib-1.8-8.20130218git.el7.s390.rpm
taglib-1.8-8.20130218git.el7.s390x.rpm
taglib-debuginfo-1.8-8.20130218git.el7.s390.rpm
taglib-debuginfo-1.8-8.20130218git.el7.s390x.rpm

x86_64:
taglib-1.8-8.20130218git.el7.i686.rpm
taglib-1.8-8.20130218git.el7.x86_64.rpm
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
taglib-doc-1.8-8.20130218git.el7.noarch.rpm

ppc64:
taglib-debuginfo-1.8-8.20130218git.el7.ppc.rpm
taglib-debuginfo-1.8-8.20130218git.el7.ppc64.rpm
taglib-devel-1.8-8.20130218git.el7.ppc.rpm
taglib-devel-1.8-8.20130218git.el7.ppc64.rpm

ppc64le:
taglib-debuginfo-1.8-8.20130218git.el7.ppc64le.rpm
taglib-devel-1.8-8.20130218git.el7.ppc64le.rpm

s390x:
taglib-debuginfo-1.8-8.20130218git.el7.s390.rpm
taglib-debuginfo-1.8-8.20130218git.el7.s390x.rpm
taglib-devel-1.8-8.20130218git.el7.s390.rpm
taglib-devel-1.8-8.20130218git.el7.s390x.rpm

x86_64:
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm
taglib-devel-1.8-8.20130218git.el7.i686.rpm
taglib-devel-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
taglib-1.8-8.20130218git.el7.src.rpm

x86_64:
taglib-1.8-8.20130218git.el7.i686.rpm
taglib-1.8-8.20130218git.el7.x86_64.rpm
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
taglib-doc-1.8-8.20130218git.el7.noarch.rpm

x86_64:
taglib-debuginfo-1.8-8.20130218git.el7.i686.rpm
taglib-debuginfo-1.8-8.20130218git.el7.x86_64.rpm
taglib-devel-1.8-8.20130218git.el7.i686.rpm
taglib-devel-1.8-8.20130218git.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-11439
https://access.redhat.com/security/updates/classification#low
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

Package : taglib
Version : 1.9.1-2.1+deb8u1
CVE ID : CVE-2018-11439

CVE-2018-11439

    Fix for a heap-based buffer over-read via a crafted audio file.

For Debian 8 "Jessie", these problems have been fixed in version 1.9.1-2.1+deb8u1.

We recommend that you upgrade your taglib packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Major taglib security patch for Debian 8 addresses a heap-related buffer read vulnerability triggered by specially crafted video files.
Debian LTS, Taglib Update, Buffer Over-Read Fix.
Severity: Important.
LinuxSecurity.com Team

openSUSE Security Update: Security update for taglib
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1686-1
Rating: low
References: #1096180
Cross-References: CVE-2018-11439
Affected Products:
    openSUSE Leap 42.3
    openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for taglib fixes this security issue:

- CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:
    zypper in -t patch openSUSE-2018-627=1
- openSUSE Leap 15.0:
    zypper in -t patch openSUSE-2018-627=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):
    libtag-devel-1.11-8.1
    libtag1-1.11-8.1
    libtag1-debuginfo-1.11-8.1
    libtag_c0-1.11-8.1
    libtag_c0-debuginfo-1.11-8.1
    taglib-1.11-8.1
    taglib-debuginfo-1.11-8.1
    taglib-debugsource-1.11-8.1
- openSUSE Leap 42.3 (x86_64):
    libtag1-32bit-1.11-8.1
    libtag1-debuginfo-32bit-1.11-8.1
    libtag_c0-32bit-1.11-8.1
    libtag_c0-debuginfo-32bit-1.11-8.1
- openSUSE Leap 15.0 (i586 x86_64):
    libtag-devel-1.11.1-lp150.3.3.1
    libtag1-1.11.1-lp150.3.3.1
    libtag1-debuginfo-1.11.1-lp150.3.3.1
    libtag_c0-1.11.1-lp150.3.3.1
    libtag_c0-debuginfo-1.11.1-lp150.3.3.1
    taglib-1.11.1-lp150.3.3.1
    taglib-debuginfo-1.11.1-lp150.3.3.1
    taglib-debugsource-1.11.1-lp150.3.3.1
- openSUSE Leap 15.0 (x86_64):
    libtag1-32bit-1.11.1-lp150.3.3.1
    libtag1-32bit-debuginfo-1.11.1-lp150.3.3.1
    libtag_c0-32bit-1.11.1-lp150.3.3.1
    libtag_c0-32bit-debuginfo-1.11.1-lp150.3.3.1

References:

    https://www.suse.com/security/cve/CVE-2018-11439.html
    https://bugzilla.suse.com/1096180

A patch for taglib has been released in openSUSE, resolving a minor security issue that could lead to information leakage via a specially crafted audio file.
openSUSE Security, taglib update, information disclosure.
Severity: Low.
LinuxSecurity.com Team