{"affected":[{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1","libaudiofile1-32bit":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1","libaudiofile1-32bit":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile-devel":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile-devel":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1","libaudiofile1-32bit":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1","libaudiofile1-32bit":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1","libaudiofile1-32bit":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"audiofile":"0.3.6-10.1","libaudiofile1":"0.3.6-10.1","libaudiofile1-32bit":"0.3.6-10.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"audiofile","purl":"pkg:rpm/suse/audiofile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-10.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis audiofile update fixes the following issue:\n\nSecurity issues fixed:\n- CVE-2015-7747: Fixed buffer overflow issue when changing both number of channels and sample format. (bsc#949399)\n- CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)\n- CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980)\n- CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981)\n- CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982)\n- CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983)\n- CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984)\n- CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985)\n- CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986)\n- CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988)\n- CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987)\n- CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978)\n","id":"SUSE-SU-2017:0940-1","modified":"2017-04-05T12:26:41Z","published":"2017-04-05T12:26:41Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20170940-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026978"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026979"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026980"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026981"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026982"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026983"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026984"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026985"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026986"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026987"},{"type":"REPORT","url":"https://bugzilla.suse.com/1026988"},{"type":"REPORT","url":"https://bugzilla.suse.com/949399"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7747"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6827"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6828"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6829"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6830"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6831"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6832"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6833"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6838"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6839"}],"related":["CVE-2015-7747","CVE-2017-6827","CVE-2017-6828","CVE-2017-6829","CVE-2017-6830","CVE-2017-6831","CVE-2017-6832","CVE-2017-6833","CVE-2017-6834","CVE-2017-6835","CVE-2017-6836","CVE-2017-6837","CVE-2017-6838","CVE-2017-6839"],"summary":"Security update for audiofile","upstream":["CVE-2015-7747","CVE-2017-6827","CVE-2017-6828","CVE-2017-6829","CVE-2017-6830","CVE-2017-6831","CVE-2017-6832","CVE-2017-6833","CVE-2017-6834","CVE-2017-6835","CVE-2017-6836","CVE-2017-6837","CVE-2017-6838","CVE-2017-6839"]}