1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4141-1] libvorbisidec security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Mar 16 22:20:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4141-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    March 16, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libvorbisidec
    CVE ID : CVE-2018-5147
    Debian Bug : 893132

    Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result
    in the execution of arbitrary code if a malformed Vorbis file is opened.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 1.0.2+svn18153-1~deb8u2.

    For the stable distribution (stretch), this problem has been fixed in
    version 1.0.2+svn18153-1+deb9u1.

    We recommend that you upgrade your libvorbisidec packages.

    For the detailed security status of libvorbisidec please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/libvorbisidec

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqsMoZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RusxAAky9XYo+9XeZK8rUyu91/MFSvOwCxgHahp9DVQ7mTc2W8RTLAW/NDN2Rg HOGb9Mz//l631kmK5pxk778WRcRPxD8F7M1BuR726onh1WsvrMMFrYqaSyN+9rtO Q2CoF3SD5GcyzOLe25+HudW32hIH3Qh0m18aPQo6Bl7QVluxg0Sk/OHArccMlE9t /N2Z+5WccjDPZW/ZDJXlaKflkXf66Npe9QZGY45VdBFygz24pqw1NV3Hpl4U93cw rCywm/9UnGti1s4yRCr/55Lil8Afnm5cj2HfibHqcpBfpMGY98sKfY3N03YE/ZO2 4tHwxqI1o/8SoktkcXrltnqd0eYGGR0CDPccJ6yoFAjfMX6WNSTJwauWMZZ0yDko GRQv/ZhKVTvmEDgPTbJD3xflKmO5UDcgbLOq8MjdoBUOvbYgrkksrERodnzqRYcO 8/NXw+a0dmUcEnqtcBAQKqHejGlibsFsKlKFIUR8kos5efXaI3+6aLHJmahTwlW+ SOc7amh9xEa0eF/MKSSl9bGBNMMSJlnIarIe+pwurdeDPLECvM1XieJZYU9ue5v0 yrlZS3t9nmCdtyp/6yHbAQ65I4rMlnn0s2utfH3/15KadGvxuPLyROVeY/ZWMTor HmPLHlACNYRU/b+/9IDRu47IcgPI3iXkJCFCeAPKWHdAb/CEkAI=
    =hYbe
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)