MGASA-2018-0294: libvorbis-1.3.5-2.4.mga6, libvorbis-1.3.5-1.4.mga5
type: security
subject: Updated libvorbis packages fix security vulnerabilities
CVE:
  - CVE-2017-14160
  - CVE-2018-10392
  - CVE-2018-10393
src:
  5:
    core:
      - libvorbis-1.3.5-1.4.mga5
  6:
    core:
      - libvorbis-1.3.5-2.4.mga6
description: |
  The updated packages fix security vulnerabilities:

  The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows
  remote attackers to cause a denial of service (out-of-bounds access and
  application crash) or possibly have unspecified other impact via a crafted mp4
  file. (CVE-2017-14160)

  mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the
  number of channels, which allows remote attackers to cause a denial of service
  (heap-based buffer overflow or over-read) or possibly have unspecified other
  impact via a crafted file. (CVE-2018-10392)

  bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based
  buffer over-read. (CVE-2018-10393)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=23145
  - https://lists.opensuse.org/opensuse-updates/2018-05/msg00067.html
  - http://lists.suse.com/pipermail/sle-security-updates/2018-June/004158.html
  - https://lists.opensuse.org/opensuse-updates/2018-06/msg00047.html
ID: MGASA-2018-0294