Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202007-65 ] libsndfile: Multiple vulnerabilities
Date: Sun, 02 Aug 2020 03:08:41
Message-Id: 2C7C545E-1DE0-490D-861E-2E2C50D3DE83@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202007-65
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: libsndfile: Multiple vulnerabilities
9 Date: July 31, 2020
10 Bugs: #631674, #671834
11 ID: 202007-65
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in libsndfile, the worst of
19 which could result in a Denial of Service condition.
20
21 Background
22 ==========
23
24 libsndfile is a C library for reading and writing files containing
25 sampled sound.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-libs/libsndfile < 1.0.29_pre2_p20191024>= 1.0.29_pre2_p20191024
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in libsndfile. Please
39 review the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 Please review the referenced CVE identifiers for details.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All libsndfile users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge -a -1 -v ">=media-libs/libsndfile-1.0.29_pre2_p20191024"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2017-14245
63 https://nvd.nist.gov/vuln/detail/CVE-2017-14245
64 [ 2 ] CVE-2017-14246
65 https://nvd.nist.gov/vuln/detail/CVE-2017-14246
66 [ 3 ] CVE-2019-3832
67 https://nvd.nist.gov/vuln/detail/CVE-2019-3832
68
69 Availability
70 ============
71
72 This GLSA and any updates to it are available for viewing at
73 the Gentoo Security Website:
74
75 https://security.gentoo.org/glsa/202007-65
76
77 Concerns?
78 =========
79
80 Security is a primary focus of Gentoo Linux and ensuring the
81 confidentiality and security of our users' machines is of utmost
82 importance to us. Any security concerns should be addressed to
83 security@g.o or alternatively, you may file a bug at
84 https://bugs.gentoo.org.
85
86 License
87 =======
88
89 Copyright 2020 Gentoo Foundation, Inc; referenced text
90 belongs to its owner(s).
91
92 The contents of this document are licensed under the
93 Creative Commons - Attribution / Share Alike license.
94
95 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature