Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0294)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2018.0294

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2018-0294)

Zusammenfassung: The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows
remote attackers to cause a denial of service (out-of-bounds access and
application crash) or possibly have unspecified other impact via a crafted mp4
file. (CVE-2017-14160)

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the
number of channels, which allows remote attackers to cause a denial of service
(heap-based buffer overflow or over-read) or possibly have unspecified other
impact via a crafted file. (CVE-2018-10392)

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based
buffer over-read. (CVE-2018-10393)

Affected Software/OS:
'libvorbis' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-14160
BugTraq ID: 101045
http://www.securityfocus.com/bid/101045
https://security.gentoo.org/glsa/202003-36
http://openwall.com/lists/oss-security/2017/09/21/2
https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-10392
https://gitlab.xiph.org/xiph/vorbis/issues/2335
RedHat Security Advisories: RHSA-2019:3703
https://access.redhat.com/errata/RHSA-2019:3703
Common Vulnerability Exposure (CVE) ID: CVE-2018-10393
https://gitlab.xiph.org/xiph/vorbis/issues/2334

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0294
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0294)
Zusammenfassung:	The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. (CVE-2017-14160) mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. (CVE-2018-10392) bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. (CVE-2018-10393) Affected Software/OS: 'libvorbis' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14160 BugTraq ID: 101045 http://www.securityfocus.com/bid/101045 https://security.gentoo.org/glsa/202003-36 http://openwall.com/lists/oss-security/2017/09/21/2 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2018-10392 https://gitlab.xiph.org/xiph/vorbis/issues/2335 RedHat Security Advisories: RHSA-2019:3703 https://access.redhat.com/errata/RHSA-2019:3703 Common Vulnerability Exposure (CVE) ID: CVE-2018-10393 https://gitlab.xiph.org/xiph/vorbis/issues/2334
Copyright	Copyright (C) 2022 Greenbone AG