Security update for libsndfile SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:0034-1 Final 1 1 2022-01-05T16:22:27Z current 2022-01-05T16:22:27Z 2022-01-05T16:22:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsndfile This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2022-34,SUSE-2022-34,SUSE-OpenStack-Cloud-8-2022-34,SUSE-OpenStack-Cloud-9-2022-34,SUSE-OpenStack-Cloud-Crowbar-8-2022-34,SUSE-OpenStack-Cloud-Crowbar-9-2022-34,SUSE-SLE-SAP-12-SP3-2022-34,SUSE-SLE-SAP-12-SP4-2022-34,SUSE-SLE-SDK-12-SP5-2022-34,SUSE-SLE-SERVER-12-SP2-BCL-2022-34,SUSE-SLE-SERVER-12-SP3-2022-34,SUSE-SLE-SERVER-12-SP3-BCL-2022-34,SUSE-SLE-SERVER-12-SP4-LTSS-2022-34,SUSE-SLE-SERVER-12-SP5-2022-34 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20220034-1/ Link for SUSE-SU-2022:0034-1 https://lists.suse.com/pipermail/sle-security-updates/2022-January/009971.html E-Mail link for SUSE-SU-2022:0034-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194006 SUSE Bug 1194006 https://www.suse.com/security/cve/CVE-2021-4156/ SUSE CVE CVE-2021-4156 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 libsndfile1-1.0.25-36.26.1 libsndfile1-32bit-1.0.25-36.26.1 libsndfile-devel-1.0.25-36.26.1 libsndfile-progs-1.0.25-36.26.1 libsndfile1-64bit-1.0.25-36.26.1 libsndfile1-1.0.25-36.26.1 as a component of HPE Helion OpenStack 8 libsndfile1-32bit-1.0.25-36.26.1 as a component of HPE Helion OpenStack 8 libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsndfile1-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsndfile-devel-1.0.25-36.26.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libsndfile1-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud 8 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud 8 libsndfile1-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud 9 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud 9 libsndfile1-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud Crowbar 8 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud Crowbar 8 libsndfile1-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud Crowbar 9 libsndfile1-32bit-1.0.25-36.26.1 as a component of SUSE OpenStack Cloud Crowbar 9 An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. CVE-2021-4156 HPE Helion OpenStack 8:libsndfile1-1.0.25-36.26.1 HPE Helion OpenStack 8:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP2-BCL:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP2-BCL:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP3-BCL:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP3-BCL:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP3-LTSS:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP5:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server 12 SP5:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsndfile1-1.0.25-36.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsndfile1-32bit-1.0.25-36.26.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libsndfile-devel-1.0.25-36.26.1 SUSE OpenStack Cloud 8:libsndfile1-1.0.25-36.26.1 SUSE OpenStack Cloud 8:libsndfile1-32bit-1.0.25-36.26.1 SUSE OpenStack Cloud 9:libsndfile1-1.0.25-36.26.1 SUSE OpenStack Cloud 9:libsndfile1-32bit-1.0.25-36.26.1 SUSE OpenStack Cloud Crowbar 8:libsndfile1-1.0.25-36.26.1 SUSE OpenStack Cloud Crowbar 8:libsndfile1-32bit-1.0.25-36.26.1 SUSE OpenStack Cloud Crowbar 9:libsndfile1-1.0.25-36.26.1 SUSE OpenStack Cloud Crowbar 9:libsndfile1-32bit-1.0.25-36.26.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20220034-1/ https://www.suse.com/security/cve/CVE-2021-4156.html CVE-2021-4156 https://bugzilla.suse.com/1194006 SUSE Bug 1194006