Parent Directory
| 
Revision Log
MGASA-2018-0294: libvorbis-1.3.5-2.4.mga6, libvorbis-1.3.5-1.4.mga5
| 1 | type: security |
| 2 | subject: Updated libvorbis packages fix security vulnerabilities |
| 3 | CVE: |
| 4 | - CVE-2017-14160 |
| 5 | - CVE-2018-10392 |
| 6 | - CVE-2018-10393 |
| 7 | src: |
| 8 | 5: |
| 9 | core: |
| 10 | - libvorbis-1.3.5-1.4.mga5 |
| 11 | 6: |
| 12 | core: |
| 13 | - libvorbis-1.3.5-2.4.mga6 |
| 14 | description: | |
| 15 | The updated packages fix security vulnerabilities: |
| 16 | |
| 17 | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows |
| 18 | remote attackers to cause a denial of service (out-of-bounds access and |
| 19 | application crash) or possibly have unspecified other impact via a crafted mp4 |
| 20 | file. (CVE-2017-14160) |
| 21 | |
| 22 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the |
| 23 | number of channels, which allows remote attackers to cause a denial of service |
| 24 | (heap-based buffer overflow or over-read) or possibly have unspecified other |
| 25 | impact via a crafted file. (CVE-2018-10392) |
| 26 | |
| 27 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based |
| 28 | buffer over-read. (CVE-2018-10393) |
| 29 | references: |
| 30 | - https://bugs.mageia.org/show_bug.cgi?id=23145 |
| 31 | - https://lists.opensuse.org/opensuse-updates/2018-05/msg00067.html |
| 32 | - http://lists.suse.com/pipermail/sle-security-updates/2018-June/004158.html |
| 33 | - https://lists.opensuse.org/opensuse-updates/2018-06/msg00047.html |
| 34 | ID: MGASA-2018-0294 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |