Security update for libsndfile

SUSE Security Update: Security update for libsndfile
Announcement ID: SUSE-SU-2015:2000-1
Rating: moderate
References: #953516 #953519 #953521
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Desktop 12

  • An update that fixes three vulnerabilities is now available.

    Description:

    The libsndfile package was updated to fix the following security issue:

    - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial
    of Service (DoS) (bsc#953521).
    - CVE-2015-7805: Fixed heap overflow issue (bsc#953516).
    - CVE-2015-8075: Fixed heap overflow issue (bsc#953519).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-846=1
    • SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-846=1
    • SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-846=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      • libsndfile-debugsource-1.0.25-24.1
      • libsndfile-devel-1.0.25-24.1
    • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      • libsndfile-debugsource-1.0.25-24.1
      • libsndfile1-1.0.25-24.1
      • libsndfile1-debuginfo-1.0.25-24.1
    • SUSE Linux Enterprise Server 12 (s390x x86_64):
      • libsndfile1-32bit-1.0.25-24.1
      • libsndfile1-debuginfo-32bit-1.0.25-24.1
    • SUSE Linux Enterprise Desktop 12 (x86_64):
      • libsndfile-debugsource-1.0.25-24.1
      • libsndfile1-1.0.25-24.1
      • libsndfile1-32bit-1.0.25-24.1
      • libsndfile1-debuginfo-1.0.25-24.1
      • libsndfile1-debuginfo-32bit-1.0.25-24.1

    References: