openSUSE-SU-2018:1622-1

Опубликовано: 09 июн. 2018

Источник: suse-cvrf

Описание

Security update for libvorbis

This update for libvorbis fixes the following issues:

The following security issue was fixed:

Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

libvorbis-1.3.3-17.1

libvorbis-devel-1.3.3-17.1

libvorbis-doc-1.3.3-17.1

libvorbis0-1.3.3-17.1

libvorbis0-32bit-1.3.3-17.1

libvorbisenc2-1.3.3-17.1

libvorbisenc2-32bit-1.3.3-17.1

libvorbisfile3-1.3.3-17.1

libvorbisfile3-32bit-1.3.3-17.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00013.html
E-Mail link for openSUSE-SU-2018:1622-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Затронутые продукты

openSUSE Leap 42.3:libvorbis-1.3.3-17.1

openSUSE Leap 42.3:libvorbis-devel-1.3.3-17.1

openSUSE Leap 42.3:libvorbis-doc-1.3.3-17.1

openSUSE Leap 42.3:libvorbis0-1.3.3-17.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10392.html
CVE-2018-10392
https://bugzilla.suse.com/1091070
SUSE Bug 1091070

openSUSE-SU-2018:1622-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-10392

Описание

Затронутые продукты

Ссылки