Описание
Security update for vorbis-tools
vorbis-tools was updated to fix a buffer overflow in aiff_open() that could be triggered by opening prepared malicious files. (CVE-2015-6749, bsc#943795).
Список пакетов
SUSE Linux Enterprise Desktop 12
vorbis-tools-1.4.0-26.1
vorbis-tools-lang-1.4.0-26.1
SUSE Linux Enterprise Server 12
vorbis-tools-1.4.0-26.1
vorbis-tools-lang-1.4.0-26.1
SUSE Linux Enterprise Server for SAP Applications 12
vorbis-tools-1.4.0-26.1
vorbis-tools-lang-1.4.0-26.1
Ссылки
- Link for SUSE-SU-2015:1765-1
- E-Mail link for SUSE-SU-2015:1765-1
- SUSE Security Ratings
- SUSE Bug 943795
- SUSE CVE CVE-2015-6749 page
Описание
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Desktop 12:vorbis-tools-lang-1.4.0-26.1
SUSE Linux Enterprise Server 12:vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 12:vorbis-tools-lang-1.4.0-26.1
Ссылки
- CVE-2015-6749
- SUSE Bug 943795