Description
Recommended update for mpg123
This update for mpg123 fixes the following issues:
- Update to version 1.25.6
  - Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far.
- Update to version 1.25.5
  - Avoid another buffer read overflow in the ID3 parser on 32-bit platforms (bug 254). (CVE-2017-12797/boo#1056999)
- Update to version 1.25.4 libmpg123:
  - Prevent harmless call to memcpy(NULL, NULL, 0).
  - More early checking of ID3v2 encoding values to avoid bogus text being stored.
Package list
openSUSE Leap 42.3
libmpg123-0-1.25.6-7.1
libmpg123-0-32bit-1.25.6-7.1
libout123-0-1.25.6-7.1
libout123-0-32bit-1.25.6-7.1
mpg123-1.25.6-7.1
mpg123-devel-1.25.6-7.1
mpg123-devel-32bit-1.25.6-7.1
mpg123-esound-1.25.6-7.1
mpg123-esound-32bit-1.25.6-7.1
mpg123-jack-1.25.6-7.1
mpg123-jack-32bit-1.25.6-7.1
mpg123-openal-1.25.6-7.1
mpg123-openal-32bit-1.25.6-7.1
mpg123-portaudio-1.25.6-7.1
mpg123-portaudio-32bit-1.25.6-7.1
mpg123-pulse-1.25.6-7.1
mpg123-pulse-32bit-1.25.6-7.1
mpg123-sdl-1.25.6-7.1
mpg123-sdl-32bit-1.25.6-7.1
References
- E-Mail link for openSUSE-SU-2017:2409-1
- SUSE Security Ratings
Description
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
Affected products
openSUSE Leap 42.3:libmpg123-0-1.25.6-7.1
openSUSE Leap 42.3:libmpg123-0-32bit-1.25.6-7.1
openSUSE Leap 42.3:libout123-0-1.25.6-7.1
openSUSE Leap 42.3:libout123-0-32bit-1.25.6-7.1
References
- CVE-2017-12797
- SUSE Bug 1046766
- SUSE Bug 1056999