wavpack-5.1.0-16.el8

エラータID: AXSA:2022-4221:01

Release date: 
Tuesday, November 29, 2022 - 09:34
Subject: 
wavpack-5.1.0-16.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

WavPack is a completely open audio compression format providing lossless, high-quality lossy and a unique hybrid compression mode.

Security Fix(es):

* wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.7 Release Notes linked from the References section.

CVE-2021-44269
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. wavpack-5.1.0-16.el8.src.rpm
    MD5: 13a7712822a63f64b16e56e2d381760d
    SHA-256: e5f7754a8f87ac3a53e16f2f2dc821858ba18ddc92806c8544569a549a27c46c
    Size: 828.21 kB

Asianux Server 8 for x86_64
  1. wavpack-5.1.0-16.el8.x86_64.rpm
    MD5: 68e59e42cdac981416b351dada99b6bb
    SHA-256: a041f9f2e8272138f6e4f81c06458c316465908f0ff9dd74bd2b7fca05caf1e4
    Size: 189.46 kB
  2. wavpack-devel-5.1.0-16.el8.x86_64.rpm
    MD5: f6fff3b97d6ff9d25e5a8f03956962ec
    SHA-256: 17b3fe5efbb60168671aaa0d8f71068776d89cd27e3271013c3f09b1300730d5
    Size: 27.57 kB
  3. wavpack-5.1.0-16.el8.i686.rpm
    MD5: fb34436a4d144137313d9a8e112acd5e
    SHA-256: b35339445fff5dd241360b69e7a0e158e500a9894503e23f7193764180659f01
    Size: 200.28 kB
  4. wavpack-devel-5.1.0-16.el8.i686.rpm
    MD5: b32d58aa9452ea0e1fd5e2057084f2c1
    SHA-256: 7955410248f7436777757d3ca5e67f210cdb44b37a09e3556a3e5f9d21bf9fd9
    Size: 27.59 kB