Pufferüberlauf in vorbis-tools
ID: | FEDORA-2015-14663 |
Distribution: | Fedora |
Plattformen: | Fedora 22 |
Datum: | Do, 17. September 2015, 08:03 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6749 |
Applikationen: | vorbis-tools |
Originalnachricht |
|
Name : vorbis-tools Product : Fedora 22 Version : 1.4.0 Release : 20.fc22 URL : http://www.xiph.org/ Summary : The Vorbis General Audio Compression Codec tools Description : Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor. -------------------------------------------------------------------------------- Update Information: - oggenc: fix large alloca on bad AIFF input (CVE-2015-6749) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258424 - vorbis-tools: Bufer overflow in aiff_open function https://bugzilla.redhat.com/show_bug.cgi?id=1258424 [ 2 ] Bug #1258443 - CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1258443 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update vorbis-tools' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |