FERRAMENTAS LINUX: Critical Audiofile Security Update: Patch CVE-2019-13147 & CVE-2022-24599 Vulnerabilities

Friday, May 16, 2025


 

SUSE



Urgent SUSE Linux security update patches audiofile vulnerabilities CVE-2019-13147 (DoS risk) and CVE-2022-24599 (data leak). Learn how to protect your enterprise systems with the latest patches for openSUSE Leap 15.6, SLE 15 SP6, and more.


Why This Update Matters for Enterprise Security

A newly released SUSE Linux security patch addresses two critical vulnerabilities in the audiofile library, a core component for audio processing in enterprise environments.

Rated moderate by SUSE, these flaws could lead to denial-of-service (DoS) attacks or sensitive data leaks if left unpatched.

Affected Products

  • SUSE Linux Enterprise Server 15 SP6 (including SAP variants)

  • openSUSE Leap 15.6

  • SUSE Linux Enterprise Desktop 15 SP6

  • Real-Time and Desktop Applications Module


Vulnerability Breakdown & Risk Assessment

1. CVE-2019-13147: NULL Pointer Dereference (DoS)

  • CVSS Score: 6.5 (NVD) | 3.3 (SUSE)

  • Impact: Attackers could crash systems via malicious audio files.

  • Patch Fixes: Resolves a buffer handling flaw in ulaw2linear_buf.

2. CVE-2022-24599: Unverified Input (Data Leak)

  • CVSS Score: 6.5 (NVD) | 4.4 (SUSE)

  • Impact: Exploitable to extract memory contents from vulnerable systems.

  • Patch Fixes: Validates user input in audio file processing.

How to Apply the Patch

Recommended Methods

  • YaST Online Update (GUI)

  • Terminal Command:

    zypper patch

Manual Installation (Product-Specific)

  • openSUSE Leap 15.6:

    zypper in -t patch openSUSE-SLE-15.6-2025-1559=1
  • SUSE Linux Enterprise 15 SP6:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1559=1

Package Updates & Debugging Tools

Patched versions include:

  • audiofile-0.3.6-150000.3.12.1

  • libaudiofile1 (32-bit/64-bit)

  • Debug symbols (-debuginfo) for troubleshooting.

Full package list: see the original bulletin.
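
To confirm the update landed, compare the installed version-release against the fixed build listed above. The script below is an added example, not part of the SUSE bulletin; the function names vr_ge and audit and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag audiofile packages older than the fixed build in this post.
FIXED="0.3.6-150000.3.12.1"   # patched version-release listed above

# vr_ge A B: succeed if version-release A >= B, comparing numeric fields
# split on '.' and '-'. Simplified stand-in for rpm's own comparison; it
# assumes purely numeric fields, which holds for these SUSE builds.
# Variables are global because POSIX sh has no 'local'.
vr_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*} y=${b%%[.-]*}          # first field of each string
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# audit: read "name version-release" lines on stdin, print a verdict per
# package, and return 1 if any package is below FIXED.
audit() {
    rc=0
    while read -r name vr; do
        # Skip blank lines and rpm's "package X is not installed" messages.
        case $vr in ''|*[!0-9.-]*) continue ;; esac
        if vr_ge "$vr" "$FIXED"; then
            echo "OK       $name-$vr"
        else
            echo "OUTDATED $name-$vr (need >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# On a live system:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' audiofile libaudiofile1 | audit

# Constructed sample input (not real query output). A plain string compare
# would rank 3.9.1 above 3.12.1; the numeric compare does not.
audit <<'EOF' || echo "at least one package predates the fix"
audiofile 0.3.6-150000.3.9.1
libaudiofile1 0.3.6-150000.3.12.1
EOF
```

The non-zero return from audit makes the check usable as a gate in configuration management or a post-patch verification job.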

FAQ: Enterprise Security Best Practices

Q: Is this update mandatory for all systems?

A: Yes, if audiofile is installed—especially on servers processing user-uploaded files.

Q: How urgent is deployment?

A: Prioritize if your systems are internet-facing or handle sensitive data.

Q: Are containers affected?

A: Only if using vulnerable host-level audiofile libraries.

