You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa soundtouch

Sigurnosni nedostaci programskog paketa soundtouch

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-08-20 18:41:00.455946

Name : soundtouch
Product : Fedora 28
Version : 2.0.0
Release : 6.fc28
Summary : Audio Processing library for changing Tempo, Pitch and Playback Rates
Description :
SoundTouch is a LGPL-licensed open-source audio processing library for
changing the Tempo, Pitch and Playback Rates of audio streams or
files. The SoundTouch library is suited for application developers
writing sound processing tools that require tempo/pitch control
functionality, or just for playing around with the sound effects.

The SoundTouch library source kit includes an example utility
SoundStretch which allows processing .wav audio files from a
command-line interface.

Update Information:

Security fix for CVE-2018-14044, CVE-2018-14045 and CVE-2018-1000223

* Tue Aug 14 2018 Hans de Goede <> – 2.0.0-6
– The last round of security fixes also fixes CVE-2018-14044, CVE-2018-14045
(rhbz#1601618, rhbz#1601620, rhbz#1601624, rhbz#1601625)
* Tue Aug 14 2018 Hans de Goede <> – 2.0.0-5
– Security fix for CVE-2018-1000223 (rhbz#1609193, rhbz#1609194)
* Sat Jul 14 2018 Fedora Release Engineering <> – 2.0.0-4
– Rebuilt for
* Thu Jul 5 2018 Hans de Goede <> 2.0.0-3
– Security fix for CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 (rhbz#1475759)

[ 1 ] Bug #1601624 – CVE-2018-14045 soundtouch: Reachable assertion in FIRFilter.cpp causing denial of service
[ 2 ] Bug #1601618 – CVE-2018-14044 soundtouch: Reachable assertion in RateTransposer::setChannels() causing denial of service
[ 3 ] Bug #1609193 – CVE-2018-1000223 soundtouch: Heap-based buffer overflow in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() potentially leading to code execution

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-f4f75985b8’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-08-0001-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa mutt

Otkriveni su sigurnosni nedostaci u programskom paketu mutt za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...