Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0236)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0236

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0236)

Resumen: The remote host is missing an update for the 'libsndfile' package(s) announced via the MGASA-2018-0236 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libsndfile' package(s) announced via the MGASA-2018-0236 advisory.

Vulnerability Insight:
An out of bounds read in the function d2alaw_array() in alaw.c of
libsndfile 1.0.28 may lead to a remote DoS attack or information
disclosure, related to mishandling of the NAN and INFINITY
floating-point values (CVE-2017-14245).

An out of bounds read in the function d2ulaw_array() in ulaw.c of
libsndfile 1.0.28 may lead to a remote DoS attack or information
disclosure, related to mishandling of the NAN and INFINITY
floating-point values (CVE-2017-14246).

In libsndfile 1.0.28, a divide-by-zero error exists in the function
double64_init() in double64.c, which may lead to DoS when playing a
crafted audio file (CVE-2017-14634).

Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead
to Denial of service (CVE-2017-16942).

Note that CVE-2017-16942 only affected Mageia 5.

Affected Software/OS:
'libsndfile' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-14245
https://security.gentoo.org/glsa/202007-65
https://github.com/erikd/libsndfile/issues/317
https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html
https://usn.ubuntu.com/4013-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14246
Common Vulnerability Exposure (CVE) ID: CVE-2017-14634
https://security.gentoo.org/glsa/201811-23
https://github.com/erikd/libsndfile/issues/318
Common Vulnerability Exposure (CVE) ID: CVE-2017-16942
https://github.com/erikd/libsndfile/issues/341

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0236
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0236)
Resumen:	The remote host is missing an update for the 'libsndfile' package(s) announced via the MGASA-2018-0236 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libsndfile' package(s) announced via the MGASA-2018-0236 advisory. Vulnerability Insight: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values (CVE-2017-14245). An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values (CVE-2017-14246). In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file (CVE-2017-14634). Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (CVE-2017-16942). Note that CVE-2017-16942 only affected Mageia 5. Affected Software/OS: 'libsndfile' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14245 https://security.gentoo.org/glsa/202007-65 https://github.com/erikd/libsndfile/issues/317 https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html https://usn.ubuntu.com/4013-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-14246 Common Vulnerability Exposure (CVE) ID: CVE-2017-14634 https://security.gentoo.org/glsa/201811-23 https://github.com/erikd/libsndfile/issues/318 Common Vulnerability Exposure (CVE) ID: CVE-2017-16942 https://github.com/erikd/libsndfile/issues/341
Copyright	Copyright (C) 2022 Greenbone AG