Security update for wavpack SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0623-1 Final 1 1 2018-03-06T19:26:03Z current 2018-03-06T19:26:03Z 2018-03-06T19:26:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for wavpack This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00017.html E-Mail link for openSUSE-SU-2018:0623-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libwavpack1-4.60.99-9.3.1 libwavpack1-32bit-4.60.99-9.3.1 wavpack-4.60.99-9.3.1 wavpack-devel-4.60.99-9.3.1 libwavpack1-4.60.99-9.3.1 as a component of openSUSE Leap 42.3 libwavpack1-32bit-4.60.99-9.3.1 as a component of openSUSE Leap 42.3 wavpack-4.60.99-9.3.1 as a component of openSUSE Leap 42.3 wavpack-devel-4.60.99-9.3.1 as a component of openSUSE Leap 42.3 The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CVE-2016-10169 openSUSE Leap 42.3:libwavpack1-32bit-4.60.99-9.3.1 openSUSE Leap 42.3:libwavpack1-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-devel-4.60.99-9.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00017.html https://www.suse.com/security/cve/CVE-2016-10169.html CVE-2016-10169 https://bugzilla.suse.com/1021483 SUSE Bug 1021483 The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CVE-2016-10170 openSUSE Leap 42.3:libwavpack1-32bit-4.60.99-9.3.1 openSUSE Leap 42.3:libwavpack1-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-devel-4.60.99-9.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00017.html https://www.suse.com/security/cve/CVE-2016-10170.html CVE-2016-10170 https://bugzilla.suse.com/1021483 SUSE Bug 1021483 The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CVE-2016-10171 openSUSE Leap 42.3:libwavpack1-32bit-4.60.99-9.3.1 openSUSE Leap 42.3:libwavpack1-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-devel-4.60.99-9.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00017.html https://www.suse.com/security/cve/CVE-2016-10171.html CVE-2016-10171 https://bugzilla.suse.com/1021483 SUSE Bug 1021483 The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. CVE-2016-10172 openSUSE Leap 42.3:libwavpack1-32bit-4.60.99-9.3.1 openSUSE Leap 42.3:libwavpack1-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-4.60.99-9.3.1 openSUSE Leap 42.3:wavpack-devel-4.60.99-9.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00017.html https://www.suse.com/security/cve/CVE-2016-10172.html CVE-2016-10172 https://bugzilla.suse.com/1021483 SUSE Bug 1021483