Описание
Security update for libvorbis
This update for libvorbis fixes the following issues:
- CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811)
- CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libvorbis0-1.3.3-10.3.1
libvorbis0-32bit-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisenc2-32bit-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
libvorbisfile3-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP3
libvorbis0-1.3.3-10.3.1
libvorbis0-32bit-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisenc2-32bit-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
libvorbisfile3-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Server 12 SP2
libvorbis-doc-1.3.3-10.3.1
libvorbis0-1.3.3-10.3.1
libvorbis0-32bit-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisenc2-32bit-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
libvorbisfile3-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Server 12 SP3
libvorbis-doc-1.3.3-10.3.1
libvorbis0-1.3.3-10.3.1
libvorbis0-32bit-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisenc2-32bit-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
libvorbisfile3-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libvorbis-doc-1.3.3-10.3.1
libvorbis0-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libvorbis-doc-1.3.3-10.3.1
libvorbis0-1.3.3-10.3.1
libvorbis0-32bit-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisenc2-32bit-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
libvorbisfile3-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libvorbis-doc-1.3.3-10.3.1
libvorbis0-1.3.3-10.3.1
libvorbis0-32bit-1.3.3-10.3.1
libvorbisenc2-1.3.3-10.3.1
libvorbisenc2-32bit-1.3.3-10.3.1
libvorbisfile3-1.3.3-10.3.1
libvorbisfile3-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libvorbis-devel-1.3.3-10.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libvorbis-devel-1.3.3-10.3.1
Ссылки
- Link for SUSE-SU-2018:0015-1
- E-Mail link for SUSE-SU-2018:0015-1
- SUSE Security Ratings
- SUSE Bug 1059809
- SUSE Bug 1059811
- SUSE CVE CVE-2017-14632 page
- SUSE CVE CVE-2017-14633 page
Описание
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libvorbis0-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libvorbis0-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libvorbisenc2-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libvorbisenc2-32bit-1.3.3-10.3.1
Ссылки
- CVE-2017-14632
- SUSE Bug 1059809
Описание
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libvorbis0-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libvorbis0-32bit-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libvorbisenc2-1.3.3-10.3.1
SUSE Linux Enterprise Desktop 12 SP2:libvorbisenc2-32bit-1.3.3-10.3.1
Ссылки
- CVE-2017-14633
- SUSE Bug 1059811
- SUSE Bug 1081833