libsndfile-1.0.25-11.el7

エラータID: AXSA:2020-4553:01

Release date: 
Thursday, April 2, 2020 - 06:51
Subject: 
libsndfile-1.0.25-11.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV.

Security Fix(es):

* libsndfile: stack-based buffer overflow in sndfile-deinterleave utility (CVE-2018-13139)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-13139
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

Solution: 

Update packages.

CVEs: 
CVE-2018-13139
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsndfile-1.0.25-11.el7.src.rpm
    MD5: eac1f539c354f8b560e82d7649e2071f
    SHA-256: 9232861d61433ffb2bb967f0cd772a32c685563ec85c4fe19f9d3790b34482b6
    Size: 1.02 MB

Asianux Server 7 for x86_64
  1. libsndfile-1.0.25-11.el7.x86_64.rpm
    MD5: 5f7bfe7aecf2043ae6cdbf39ec7562a1
    SHA-256: 1f7060e54977f4584a92435332b549ac3b1ba5944df48aaad3dff4c512731e0d
    Size: 148.28 kB
  2. libsndfile-1.0.25-11.el7.i686.rpm
    MD5: fee35c7a9f36cf07d0d6b07cc919aa61
    SHA-256: 37d3d8ce0d56716c4f03d8859de146112a56d02939bdf646bfbf2d7c14535c7f
    Size: 158.57 kB