Headline
RHSA-2022:7558: Red Hat Security Advisory: wavpack security update
An update for wavpack is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-44269: wavpack: Heap out-of-bounds read in WavpackPackSamples()
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-11-08
Updated:
2022-11-08
RHSA-2022:7558 - Security Advisory
- Overview
- Updated Packages
Synopsis
Low: wavpack security update
Type/Severity
Security Advisory: Low
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for wavpack is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WavPack is a completely open audio compression format providing lossless, high-quality lossy and a unique hybrid compression mode.
Security Fix(es):
- wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2064457 - CVE-2021-44269 wavpack: Heap out-of-bounds read in WavpackPackSamples()
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
wavpack-5.1.0-16.el8.src.rpm
SHA-256: 7cbc8f885534a9679733e9d8b8f387fdad6ef6836ed0f7f3a2ac96903e7461bf
x86_64
wavpack-5.1.0-16.el8.i686.rpm
SHA-256: 3d4d5b147948d8db50107ce92b31426f79a77811fe529144a0815fd360dd83fe
wavpack-5.1.0-16.el8.x86_64.rpm
SHA-256: f5e5daf2859758a44819e22ff9ae3f68acd919648db7685a27c6f19de55776a9
wavpack-debuginfo-5.1.0-16.el8.i686.rpm
SHA-256: 8494ae44b057277ea6a0215255e0c7e694b3f0d8a7103c3ac5f64686cdfb7c74
wavpack-debuginfo-5.1.0-16.el8.x86_64.rpm
SHA-256: 5cd3c99b39a9b036661e7a4481a3309d3f32a5e3449d340bbdcca2bafd82ecc4
wavpack-debugsource-5.1.0-16.el8.i686.rpm
SHA-256: 31ffe5d611830ccc10d3fa5f91e996ed4c892c759e418f3678c8aeebc90d790a
wavpack-debugsource-5.1.0-16.el8.x86_64.rpm
SHA-256: 0202ea4e841917913fa314e056120060d3a4eb4e2f1ceb469eb9a69162dcfedc
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
wavpack-5.1.0-16.el8.src.rpm
SHA-256: 7cbc8f885534a9679733e9d8b8f387fdad6ef6836ed0f7f3a2ac96903e7461bf
s390x
wavpack-5.1.0-16.el8.s390x.rpm
SHA-256: 92d1c61ad6883af19377bd4d717cb1b088528452089c99a2e158fa927b472bc1
wavpack-debuginfo-5.1.0-16.el8.s390x.rpm
SHA-256: 67d6b58b4e0becf2ce23e06daa30c2719678e4749c2526377c9762de70e572ba
wavpack-debugsource-5.1.0-16.el8.s390x.rpm
SHA-256: a6f794fff17e98b395550d89ec92bc31979a962cabb70cc8263e252364c13996
Red Hat Enterprise Linux for Power, little endian 8
SRPM
wavpack-5.1.0-16.el8.src.rpm
SHA-256: 7cbc8f885534a9679733e9d8b8f387fdad6ef6836ed0f7f3a2ac96903e7461bf
ppc64le
wavpack-5.1.0-16.el8.ppc64le.rpm
SHA-256: 2e6aa29de652a0d3fdad3f372ec4114d32c1d7fcb36908e8a440a1a7f4828be0
wavpack-debuginfo-5.1.0-16.el8.ppc64le.rpm
SHA-256: 267e1ead7d4f94567076328ff4cf9cd5daab1acaf50d88d612631141cf33eb06
wavpack-debugsource-5.1.0-16.el8.ppc64le.rpm
SHA-256: 5c396fd1c36f238178aec58af66c13ed8c9f732a2b92fdf9da5e065a58bd0372
Red Hat Enterprise Linux for ARM 64 8
SRPM
wavpack-5.1.0-16.el8.src.rpm
SHA-256: 7cbc8f885534a9679733e9d8b8f387fdad6ef6836ed0f7f3a2ac96903e7461bf
aarch64
wavpack-5.1.0-16.el8.aarch64.rpm
SHA-256: 39c4cfa1643f44939f09e383f99367e8bb10ba82291aa68d3b6e2c6a9e1f303f
wavpack-debuginfo-5.1.0-16.el8.aarch64.rpm
SHA-256: 86a19fef88d6905e5cbc4765defec6ef920bdbbf386c6809409669dca0bff9ed
wavpack-debugsource-5.1.0-16.el8.aarch64.rpm
SHA-256: ad59b884b96db15d0f535748f7ca569839751113843b5fc7c7bfa8bd9d2dadae
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
wavpack-debuginfo-5.1.0-16.el8.i686.rpm
SHA-256: 8494ae44b057277ea6a0215255e0c7e694b3f0d8a7103c3ac5f64686cdfb7c74
wavpack-debuginfo-5.1.0-16.el8.x86_64.rpm
SHA-256: 5cd3c99b39a9b036661e7a4481a3309d3f32a5e3449d340bbdcca2bafd82ecc4
wavpack-debugsource-5.1.0-16.el8.i686.rpm
SHA-256: 31ffe5d611830ccc10d3fa5f91e996ed4c892c759e418f3678c8aeebc90d790a
wavpack-debugsource-5.1.0-16.el8.x86_64.rpm
SHA-256: 0202ea4e841917913fa314e056120060d3a4eb4e2f1ceb469eb9a69162dcfedc
wavpack-devel-5.1.0-16.el8.i686.rpm
SHA-256: ea1e740f20a4a281e60e2a3adf516725e1664d417f5bce8d0689e0cc9e835d07
wavpack-devel-5.1.0-16.el8.x86_64.rpm
SHA-256: 67816a427a0599d8f6e8ca06ae93def4bca8856ba21aa6e7807cad8db9342ca2
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
wavpack-debuginfo-5.1.0-16.el8.ppc64le.rpm
SHA-256: 267e1ead7d4f94567076328ff4cf9cd5daab1acaf50d88d612631141cf33eb06
wavpack-debugsource-5.1.0-16.el8.ppc64le.rpm
SHA-256: 5c396fd1c36f238178aec58af66c13ed8c9f732a2b92fdf9da5e065a58bd0372
wavpack-devel-5.1.0-16.el8.ppc64le.rpm
SHA-256: 00552b3d2d1eb6aed450220da832f572a90cbfd5d211900f0fc0231ea99f8235
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
wavpack-debuginfo-5.1.0-16.el8.aarch64.rpm
SHA-256: 86a19fef88d6905e5cbc4765defec6ef920bdbbf386c6809409669dca0bff9ed
wavpack-debugsource-5.1.0-16.el8.aarch64.rpm
SHA-256: ad59b884b96db15d0f535748f7ca569839751113843b5fc7c7bfa8bd9d2dadae
wavpack-devel-5.1.0-16.el8.aarch64.rpm
SHA-256: f604df0b738d84260a1d571caf190c4f7bdbc12228290fcc94d72202eb38141a
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
wavpack-debuginfo-5.1.0-16.el8.s390x.rpm
SHA-256: 67d6b58b4e0becf2ce23e06daa30c2719678e4749c2526377c9762de70e572ba
wavpack-debugsource-5.1.0-16.el8.s390x.rpm
SHA-256: a6f794fff17e98b395550d89ec92bc31979a962cabb70cc8263e252364c13996
wavpack-devel-5.1.0-16.el8.s390x.rpm
SHA-256: 472429fe2a7367d909bca334035a52da9bd18fac38fe86e5a53aca632d2842d3
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for wavpack is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44269: wavpack: Heap out-of-bounds read in WavpackPackSamples()
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.