openSUSE-SU-2017:2682-1

Опубликовано: 10 окт. 2017

Источник: suse-cvrf

Описание

Security update for mpg123

This update for mpg123 to version 1.25.7 fixes the following issues:

CVE-2017-10683: Improvement over previous fix for xrpnt overflow problems (boo#1046766)

The following changes are also included in version 1.25.7:

Do not play with cursor and inverse video for progress bar when TERM=dumb
Fix parsing of host port for numerical IPv6 addresses

Список пакетов

openSUSE Leap 42.3

libmpg123-0-1.25.7-10.1

libmpg123-0-32bit-1.25.7-10.1

libout123-0-1.25.7-10.1

libout123-0-32bit-1.25.7-10.1

mpg123-1.25.7-10.1

mpg123-devel-1.25.7-10.1

mpg123-devel-32bit-1.25.7-10.1

mpg123-esound-1.25.7-10.1

mpg123-esound-32bit-1.25.7-10.1

mpg123-jack-1.25.7-10.1

mpg123-jack-32bit-1.25.7-10.1

mpg123-openal-1.25.7-10.1

mpg123-openal-32bit-1.25.7-10.1

mpg123-portaudio-1.25.7-10.1

mpg123-portaudio-32bit-1.25.7-10.1

mpg123-pulse-1.25.7-10.1

mpg123-pulse-32bit-1.25.7-10.1

mpg123-sdl-1.25.7-10.1

mpg123-sdl-32bit-1.25.7-10.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-10/msg00028.html
E-Mail link for openSUSE-SU-2017:2682-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.

Затронутые продукты

openSUSE Leap 42.3:libmpg123-0-1.25.7-10.1

openSUSE Leap 42.3:libmpg123-0-32bit-1.25.7-10.1

openSUSE Leap 42.3:libout123-0-1.25.7-10.1

openSUSE Leap 42.3:libout123-0-32bit-1.25.7-10.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-10683.html
CVE-2017-10683
https://bugzilla.suse.com/1046766
SUSE Bug 1046766

openSUSE-SU-2017:2682-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-10683

Описание

Затронутые продукты

Ссылки