[ALSA-2020:1581] Low: wavpack security update
Release date:
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fix(es): * wawpack: Infinite loop in WavpackPackInit function lead to DoS (CVE-2018-19840) * wawpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS (CVE-2018-19841) * wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS (CVE-2019-11498) * wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash (CVE-2019-1010315) * wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS (CVE-2019-1010317) * wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS (CVE-2019-1010319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 wavpack-devel-5.1.0-15.el8.aarch64.rpm 443e33b00511a651e84d567bb5bc012980a457c94c5d8daea67e70921aff439d
aarch64 wavpack-5.1.0-15.el8.aarch64.rpm d2e6d2c7f2ec0e0c73cc646d5ef9d458c3640f39cb5b956878cfd290d40b382b
i686 wavpack-5.1.0-15.el8.i686.rpm 5c34b65c60ce590bb8b4d56e810aa992423e92c9713c106933a06e9f6c45abd6
i686 wavpack-devel-5.1.0-15.el8.i686.rpm e1da8e8de14d0bac64b96e6f3e600679f17f3c578f3770a42fa106181fd6c594
ppc64le wavpack-devel-5.1.0-15.el8.ppc64le.rpm 55b7dabc2ac75d689673d390eb860d1303fd07fd8880fd9f1bd06a8406431342
ppc64le wavpack-5.1.0-15.el8.ppc64le.rpm 81c78367352033f4df2179c318c9f431f39cef89af98640d90948a4d250f1c1b
x86_64 wavpack-devel-5.1.0-15.el8.x86_64.rpm 3a4a4200fbaaeaad7d4ba82a657d9e44dbe56b59c613ba16a9598870ca78faad
x86_64 wavpack-5.1.0-15.el8.x86_64.rpm 6d009b7238ec8861544d4215953fd5f6bcddab280525958d526121cd4289b500
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.