Описание
Security update for libvorbis
This update for libvorbis fixes the following issues:
- CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811)
- CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
libvorbis-1.3.3-8.1
libvorbis-devel-1.3.3-8.1
libvorbis-doc-1.3.3-8.1
libvorbis0-1.3.3-8.1
libvorbis0-32bit-1.3.3-8.1
libvorbisenc2-1.3.3-8.1
libvorbisenc2-32bit-1.3.3-8.1
libvorbisfile3-1.3.3-8.1
libvorbisfile3-32bit-1.3.3-8.1
openSUSE Leap 42.3
libvorbis-1.3.3-8.1
libvorbis-devel-1.3.3-8.1
libvorbis-doc-1.3.3-8.1
libvorbis0-1.3.3-8.1
libvorbis0-32bit-1.3.3-8.1
libvorbisenc2-1.3.3-8.1
libvorbisenc2-32bit-1.3.3-8.1
libvorbisfile3-1.3.3-8.1
libvorbisfile3-32bit-1.3.3-8.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0047-1
- SUSE Security Ratings
Описание
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Затронутые продукты
openSUSE Leap 42.2:libvorbis-1.3.3-8.1
openSUSE Leap 42.2:libvorbis-devel-1.3.3-8.1
openSUSE Leap 42.2:libvorbis-doc-1.3.3-8.1
openSUSE Leap 42.2:libvorbis0-1.3.3-8.1
Ссылки
- CVE-2017-14632
- SUSE Bug 1059809
Описание
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Затронутые продукты
openSUSE Leap 42.2:libvorbis-1.3.3-8.1
openSUSE Leap 42.2:libvorbis-devel-1.3.3-8.1
openSUSE Leap 42.2:libvorbis-doc-1.3.3-8.1
openSUSE Leap 42.2:libvorbis0-1.3.3-8.1
Ссылки
- CVE-2017-14633
- SUSE Bug 1059811
- SUSE Bug 1081833