SUSE Linux Enterprise Server update for libsndfile



Published: 2021-08-06 | Updated: 2022-03-28

Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-13139, CVE-2018-19432, CVE-2018-19758, CVE-2021-3246
CWE-ID: CWE-121, CWE-476, CWE-125, CWE-122
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available.

Vulnerable software:

  • SUSE Linux Enterprise Server (Operating systems & Components / Operating system)
  • SUSE OpenStack Cloud (Operating systems & Components / Operating system)

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU14198

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13139

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a stack-based buffer overflow in psf_memset in common.c. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the service to crash.

Mitigation

Install the update from the vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile-devel-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU16040

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19432

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in the function sf_write_int in sndfile.c. A remote attacker can trigger the NULL pointer dereference and cause the service to crash.

Mitigation

Install the update from the vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile-devel-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Out-of-bounds read

EUVDB-ID: #VU16205

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19758

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read condition in the wav_write_header function, as defined in the wav.c source code file. A remote attacker can trick the victim into following a custom link or opening a crafted audio file that submits malicious input, trigger memory corruption and perform a denial of service attack.

Mitigation

Install the update from the vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile-devel-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Heap-based buffer overflow

EUVDB-ID: #VU55455

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3246

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the msadpcm_decode_block() function of libsndfile. A remote attacker can trick the victim into opening a specially crafted WAV file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile-devel-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libsndfile-debugsource-1.0.25-36.23.1
    • libsndfile1-1.0.25-36.23.1
    • libsndfile1-32bit-1.0.25-36.23.1
    • libsndfile1-debuginfo-1.0.25-36.23.1
    • libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


