Описание
Security update for vorbis-tools
Vorbis tools was updated to fix division by zero and integer overflows by crafted WAV files (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441), that would allow attackers to crash the vorbis tools processes.
Список пакетов
SUSE Linux Enterprise Desktop 12
vorbis-tools-1.4.0-23.1
vorbis-tools-lang-1.4.0-23.1
SUSE Linux Enterprise Server 12
vorbis-tools-1.4.0-23.1
vorbis-tools-lang-1.4.0-23.1
SUSE Linux Enterprise Server for SAP Applications 12
vorbis-tools-1.4.0-23.1
vorbis-tools-lang-1.4.0-23.1
Ссылки
- Link for SUSE-SU-2015:1014-1
- E-Mail link for SUSE-SU-2015:1014-1
- SUSE Security Ratings
- SUSE Bug 914439
- SUSE Bug 914441
- SUSE CVE CVE-2014-9638 page
- SUSE CVE CVE-2014-9639 page
Описание
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:vorbis-tools-1.4.0-23.1
SUSE Linux Enterprise Desktop 12:vorbis-tools-lang-1.4.0-23.1
SUSE Linux Enterprise Server 12:vorbis-tools-1.4.0-23.1
SUSE Linux Enterprise Server 12:vorbis-tools-lang-1.4.0-23.1
Ссылки
- CVE-2014-9638
- SUSE Bug 914439
- SUSE Bug 914441
Описание
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:vorbis-tools-1.4.0-23.1
SUSE Linux Enterprise Desktop 12:vorbis-tools-lang-1.4.0-23.1
SUSE Linux Enterprise Server 12:vorbis-tools-1.4.0-23.1
SUSE Linux Enterprise Server 12:vorbis-tools-lang-1.4.0-23.1
Ссылки
- CVE-2014-9639
- SUSE Bug 1081744
- SUSE Bug 914439
- SUSE Bug 914441