Описание
Security update for libvorbis
This update for libvorbis fixes the following issues:
Security issues fixed:
- CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm (bsc#1091072).
- CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function (bsc#1059812).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libvorbis-1.2.0-79.20.11.1
libvorbis-32bit-1.2.0-79.20.11.1
libvorbis-doc-1.2.0-79.20.11.1
libvorbis-x86-1.2.0-79.20.11.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libvorbis-1.2.0-79.20.11.1
libvorbis-32bit-1.2.0-79.20.11.1
libvorbis-doc-1.2.0-79.20.11.1
libvorbis-x86-1.2.0-79.20.11.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libvorbis-devel-1.2.0-79.20.11.1
Ссылки
- Link for SUSE-SU-2018:1321-1
- E-Mail link for SUSE-SU-2018:1321-1
- SUSE Security Ratings
- SUSE Bug 1059812
- SUSE Bug 1091072
- SUSE CVE CVE-2017-14160 page
- SUSE CVE CVE-2018-10393 page
Описание
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvorbis-1.2.0-79.20.11.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-32bit-1.2.0-79.20.11.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-doc-1.2.0-79.20.11.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-x86-1.2.0-79.20.11.1
Ссылки
- CVE-2017-14160
- SUSE Bug 1059812
- SUSE Bug 1091072
Описание
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libvorbis-1.2.0-79.20.11.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-32bit-1.2.0-79.20.11.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-doc-1.2.0-79.20.11.1
SUSE Linux Enterprise Server 11 SP4:libvorbis-x86-1.2.0-79.20.11.1
Ссылки
- CVE-2018-10393
- SUSE Bug 1091072