RHSA-2022:8139: Red Hat Security Advisory: wavpack security update

An update for wavpack is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-44269: wavpack: Heap out-of-bounds read in WavpackPackSamples()
Red Hat Security Data

Issued: 2022-11-15

Updated: 2022-11-15

RHSA-2022:8139 - Security Advisory

Synopsis

Low: wavpack security update

Type/Severity

Security Advisory: Low

Topic

An update for wavpack is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode.

Security Fix(es):

  • wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2064457 - CVE-2021-44269 wavpack: Heap out-of-bounds read in WavpackPackSamples()

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

wavpack-5.4.0-5.el9.src.rpm

SHA-256: 9077486dc7a88f84533026be4e3a47a43b6e7d3dbb1f619dc602c2846cce5c6d

x86_64

wavpack-5.4.0-5.el9.i686.rpm

SHA-256: 2c36d7cfd11923d7e854ca5e34ff03f8f726029cf33feed373133699da3f26f6

wavpack-5.4.0-5.el9.x86_64.rpm

SHA-256: 4456a861128281a6a1a1cebbfe08059f5fd33fa447d26bca1f0be0627ffd9d2a

wavpack-debuginfo-5.4.0-5.el9.i686.rpm

SHA-256: cea7fa129d6246819357c34ab90adf45990b9e30bb0d6dc586c1df41a8167173

wavpack-debuginfo-5.4.0-5.el9.x86_64.rpm

SHA-256: 7f86f2b82629e7c5a1b47245d5fdcc594560f47615a9c6b242f6b6ac8b49c55b

wavpack-debugsource-5.4.0-5.el9.i686.rpm

SHA-256: 28053e76ba58123530fbce32ced1c2dbdb9b4249bcfe014b4c87fc97a2eafd12

wavpack-debugsource-5.4.0-5.el9.x86_64.rpm

SHA-256: 653e32fe833db6e64c712315db7b0ebc13c03370ba66f339161b931667636aaa

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

wavpack-5.4.0-5.el9.src.rpm

SHA-256: 9077486dc7a88f84533026be4e3a47a43b6e7d3dbb1f619dc602c2846cce5c6d

s390x

wavpack-5.4.0-5.el9.s390x.rpm

SHA-256: aa699fb7302567bb9ff7ae9b06d6df380dded1686d35a6d410f5f5d36f31b323

wavpack-debuginfo-5.4.0-5.el9.s390x.rpm

SHA-256: 4e7816eafa0e8527d60c6001861e262d90d9e6e1fd858f4b51fb8b0f4d5b4548

wavpack-debugsource-5.4.0-5.el9.s390x.rpm

SHA-256: 78e0b1b6abe9253e9fd048daa2b6e20b457f1526a37c805b3b52d6681ade8363

Red Hat Enterprise Linux for Power, little endian 9

SRPM

wavpack-5.4.0-5.el9.src.rpm

SHA-256: 9077486dc7a88f84533026be4e3a47a43b6e7d3dbb1f619dc602c2846cce5c6d

ppc64le

wavpack-5.4.0-5.el9.ppc64le.rpm

SHA-256: ead0440281e7d59724e17b79f26e16c14e41579342f6f20c481d74fe772632dc

wavpack-debuginfo-5.4.0-5.el9.ppc64le.rpm

SHA-256: 8817d340402ca598954e831ae00f9dc1d4ec69e0a88875bf078d9b6d5509f181

wavpack-debugsource-5.4.0-5.el9.ppc64le.rpm

SHA-256: a8f101db1d5be62aef9773405ba792e6a48760bd0d0e0bb45d7b0b8fb3747d4c

Red Hat Enterprise Linux for ARM 64 9

SRPM

wavpack-5.4.0-5.el9.src.rpm

SHA-256: 9077486dc7a88f84533026be4e3a47a43b6e7d3dbb1f619dc602c2846cce5c6d

aarch64

wavpack-5.4.0-5.el9.aarch64.rpm

SHA-256: a30acd396c2536e71738eeba5ea56fb7b5f45cf264bad36b2a0ed5563d249ef4

wavpack-debuginfo-5.4.0-5.el9.aarch64.rpm

SHA-256: 771dc49f51d16d7d25e4dbd124226697311b7e601ae40e366f9e81ca50e71a19

wavpack-debugsource-5.4.0-5.el9.aarch64.rpm

SHA-256: e655645b8d0c76054eb82c5ea509019253220f7214fdfbb679e049ea05626935

Red Hat CodeReady Linux Builder for x86_64 9

SRPM

x86_64

wavpack-debuginfo-5.4.0-5.el9.i686.rpm

SHA-256: cea7fa129d6246819357c34ab90adf45990b9e30bb0d6dc586c1df41a8167173

wavpack-debuginfo-5.4.0-5.el9.x86_64.rpm

SHA-256: 7f86f2b82629e7c5a1b47245d5fdcc594560f47615a9c6b242f6b6ac8b49c55b

wavpack-debugsource-5.4.0-5.el9.i686.rpm

SHA-256: 28053e76ba58123530fbce32ced1c2dbdb9b4249bcfe014b4c87fc97a2eafd12

wavpack-debugsource-5.4.0-5.el9.x86_64.rpm

SHA-256: 653e32fe833db6e64c712315db7b0ebc13c03370ba66f339161b931667636aaa

wavpack-devel-5.4.0-5.el9.i686.rpm

SHA-256: d41c483127d01c3704e48eea61c60672047b6acffb82c419c4aeb4f8dc188bc1

wavpack-devel-5.4.0-5.el9.x86_64.rpm

SHA-256: fd9f13f3662d1963382b8ff9e7f70ab3a1e693511752d8a55f839033bf8da86a

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM

ppc64le

wavpack-debuginfo-5.4.0-5.el9.ppc64le.rpm

SHA-256: 8817d340402ca598954e831ae00f9dc1d4ec69e0a88875bf078d9b6d5509f181

wavpack-debugsource-5.4.0-5.el9.ppc64le.rpm

SHA-256: a8f101db1d5be62aef9773405ba792e6a48760bd0d0e0bb45d7b0b8fb3747d4c

wavpack-devel-5.4.0-5.el9.ppc64le.rpm

SHA-256: c9c711ecc53657d2e9d7574142fbc28faa2e20a5e6b3c6cbf1d391185b29487c

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM

aarch64

wavpack-debuginfo-5.4.0-5.el9.aarch64.rpm

SHA-256: 771dc49f51d16d7d25e4dbd124226697311b7e601ae40e366f9e81ca50e71a19

wavpack-debugsource-5.4.0-5.el9.aarch64.rpm

SHA-256: e655645b8d0c76054eb82c5ea509019253220f7214fdfbb679e049ea05626935

wavpack-devel-5.4.0-5.el9.aarch64.rpm

SHA-256: 4e67a3fe07b0bef7a8214aaef548b8e09213af042f91aef2fb9b37185a054c74

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM

s390x

wavpack-debuginfo-5.4.0-5.el9.s390x.rpm

SHA-256: 4e7816eafa0e8527d60c6001861e262d90d9e6e1fd858f4b51fb8b0f4d5b4548

wavpack-debugsource-5.4.0-5.el9.s390x.rpm

SHA-256: 78e0b1b6abe9253e9fd048daa2b6e20b457f1526a37c805b3b52d6681ade8363

wavpack-devel-5.4.0-5.el9.s390x.rpm

SHA-256: dbcbd2fa5b9ca5345e5406bfb648ac5d77c1fde8fc981d7d91711f54c17353af

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2022:7558: Red Hat Security Advisory: wavpack security update

An update for wavpack is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-44269: wavpack: Heap out-of-bounds read in WavpackPackSamples()

CVE-2021-44269: A heap Out-of-bounds Read in WavpackPackSamples (src/pack_utils.c) · Issue #110 · dbry/WavPack

An out-of-bounds read was found in WavPack 5.4.0 when processing *.WAV files. The issue is triggered in the function WavpackPackSamples in src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound.