Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0016-1

Опубликовано: 04 янв. 2018
Источник: suse-cvrf

Описание

Security update for libvorbis

This update for libvorbis fixes the following issues:

  • CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811)
  • CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809)

Список пакетов

SUSE Linux Enterprise Server 11 SP4
libvorbis-1.2.0-79.20.3.1
libvorbis-32bit-1.2.0-79.20.3.1
libvorbis-doc-1.2.0-79.20.3.1
libvorbis-x86-1.2.0-79.20.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libvorbis-1.2.0-79.20.3.1
libvorbis-32bit-1.2.0-79.20.3.1
libvorbis-doc-1.2.0-79.20.3.1
libvorbis-x86-1.2.0-79.20.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libvorbis-devel-1.2.0-79.20.3.1

Ссылки

Описание

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvorbis-1.2.0-79.20.3.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-32bit-1.2.0-79.20.3.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-doc-1.2.0-79.20.3.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-x86-1.2.0-79.20.3.1
Ссылки

Описание

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvorbis-1.2.0-79.20.3.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-32bit-1.2.0-79.20.3.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-doc-1.2.0-79.20.3.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-x86-1.2.0-79.20.3.1
Ссылки