=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libsndfile security update
Advisory ID:       RHSA-2021:3297-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3297
Issue date:        2021-08-30
CVE Names:         CVE-2021-3246
=====================================================================

1. Summary:

An update for libsndfile is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

libsndfile is a C library for reading and writing files containing sampled
sound, such as AIFF, AU, or WAV.

Security Fix(es):

* libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary
code execution (CVE-2021-3246)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1984319 - CVE-2021-3246 libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
libsndfile-1.0.28-8.el8_1.1.src.rpm

aarch64:
libsndfile-1.0.28-8.el8_1.1.aarch64.rpm
libsndfile-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.aarch64.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm

ppc64le:
libsndfile-1.0.28-8.el8_1.1.ppc64le.rpm
libsndfile-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.ppc64le.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm

s390x:
libsndfile-1.0.28-8.el8_1.1.s390x.rpm
libsndfile-debuginfo-1.0.28-8.el8_1.1.s390x.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.s390x.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.s390x.rpm

x86_64:
libsndfile-1.0.28-8.el8_1.1.i686.rpm
libsndfile-1.0.28-8.el8_1.1.x86_64.rpm
libsndfile-debuginfo-1.0.28-8.el8_1.1.i686.rpm
libsndfile-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.i686.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.x86_64.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.i686.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.1):

aarch64:
libsndfile-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.aarch64.rpm
libsndfile-devel-1.0.28-8.el8_1.1.aarch64.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.aarch64.rpm

ppc64le:
libsndfile-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.ppc64le.rpm
libsndfile-devel-1.0.28-8.el8_1.1.ppc64le.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.ppc64le.rpm

s390x:
libsndfile-debuginfo-1.0.28-8.el8_1.1.s390x.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.s390x.rpm
libsndfile-devel-1.0.28-8.el8_1.1.s390x.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.s390x.rpm

x86_64:
libsndfile-debuginfo-1.0.28-8.el8_1.1.i686.rpm
libsndfile-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.i686.rpm
libsndfile-debugsource-1.0.28-8.el8_1.1.x86_64.rpm
libsndfile-devel-1.0.28-8.el8_1.1.i686.rpm
libsndfile-devel-1.0.28-8.el8_1.1.x86_64.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.i686.rpm
libsndfile-utils-debuginfo-1.0.28-8.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3246
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce