Security update for aubio SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2343-1 Final 1 1 2018-08-16T06:04:01Z current 2018-08-16T06:04:01Z 2018-08-16T06:04:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for aubio This update for aubio fixes the following issues: - CVE-2018-14522: Fixed a crash in aubio_pitch_set_unit (bsc#1102359) - CVE-2018-14523: Fixed a buffer overrread resulting in crash or information leakage in new_aubio_pitchyinfft (bsc#1102364) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00052.html E-Mail link for openSUSE-SU-2018:2343-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 aubio-0.4.1-9.9.1 aubio-tools-0.4.1-9.9.1 libaubio-devel-0.4.1-9.9.1 libaubio4-0.4.1-9.9.1 libaubio4-32bit-0.4.1-9.9.1 aubio-0.4.1-9.9.1 as a component of openSUSE Leap 42.3 aubio-tools-0.4.1-9.9.1 as a component of openSUSE Leap 42.3 libaubio-devel-0.4.1-9.9.1 as a component of openSUSE Leap 42.3 libaubio4-0.4.1-9.9.1 as a component of openSUSE Leap 42.3 libaubio4-32bit-0.4.1-9.9.1 as a component of openSUSE Leap 42.3 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. CVE-2018-14522 openSUSE Leap 42.3:aubio-0.4.1-9.9.1 openSUSE Leap 42.3:aubio-tools-0.4.1-9.9.1 openSUSE Leap 42.3:libaubio-devel-0.4.1-9.9.1 openSUSE Leap 42.3:libaubio4-0.4.1-9.9.1 openSUSE Leap 42.3:libaubio4-32bit-0.4.1-9.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00052.html https://www.suse.com/security/cve/CVE-2018-14522.html CVE-2018-14522 https://bugzilla.suse.com/1102359 SUSE Bug 1102359 An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. CVE-2018-14523 openSUSE Leap 42.3:aubio-0.4.1-9.9.1 openSUSE Leap 42.3:aubio-tools-0.4.1-9.9.1 openSUSE Leap 42.3:libaubio-devel-0.4.1-9.9.1 openSUSE Leap 42.3:libaubio4-0.4.1-9.9.1 openSUSE Leap 42.3:libaubio4-32bit-0.4.1-9.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00052.html https://www.suse.com/security/cve/CVE-2018-14523.html CVE-2018-14523 https://bugzilla.suse.com/1102364 SUSE Bug 1102364