Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0094)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0094

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0094)

Resumen: The remote host is missing an update for the 'vorbis-tools' package(s) announced via the MGASA-2015-0094 advisory.

Descripción: Summary:
The remote host is missing an update for the 'vorbis-tools' package(s) announced via the MGASA-2015-0094 advisory.

Vulnerability Insight:
Updated vorbis-tools package fixes security vulnerabilities:

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of
service (divide-by-zero error and crash) via a WAV file with the number of
channels set to zero (CVE-2014-9638).

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to
cause a denial of service (crash) via a crafted number of channels in a WAV
file, which triggers an out-of-bounds memory access (CVE-2014-9639).

Affected Software/OS:
'vorbis-tools' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9638
20150119 vorbis-tools issues
http://seclists.org/fulldisclosure/2015/Jan/78
72290
http://www.securityfocus.com/bid/72290
FEDORA-2015-2330
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html
FEDORA-2015-2335
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html
[oss-security] 20150121 CVE request: two issues in vorbis-tools
http://www.openwall.com/lists/oss-security/2015/01/21/5
[oss-security] 20150122 Re: CVE request: two issues in vorbis-tools
http://www.openwall.com/lists/oss-security/2015/01/22/9
https://trac.xiph.org/ticket/2137
openSUSE-SU-2015:0522
http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9639
72295
http://www.securityfocus.com/bid/72295
https://trac.xiph.org/ticket/2136

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0094
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0094)
Resumen:	The remote host is missing an update for the 'vorbis-tools' package(s) announced via the MGASA-2015-0094 advisory.
Descripción:	Summary: The remote host is missing an update for the 'vorbis-tools' package(s) announced via the MGASA-2015-0094 advisory. Vulnerability Insight: Updated vorbis-tools package fixes security vulnerabilities: oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero (CVE-2014-9638). Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access (CVE-2014-9639). Affected Software/OS: 'vorbis-tools' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9638 20150119 vorbis-tools issues http://seclists.org/fulldisclosure/2015/Jan/78 72290 http://www.securityfocus.com/bid/72290 FEDORA-2015-2330 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150570.html FEDORA-2015-2335 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150543.html [oss-security] 20150121 CVE request: two issues in vorbis-tools http://www.openwall.com/lists/oss-security/2015/01/21/5 [oss-security] 20150122 Re: CVE request: two issues in vorbis-tools http://www.openwall.com/lists/oss-security/2015/01/22/9 https://trac.xiph.org/ticket/2137 openSUSE-SU-2015:0522 http://lists.opensuse.org/opensuse-updates/2015-03/msg00054.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9639 72295 http://www.securityfocus.com/bid/72295 https://trac.xiph.org/ticket/2136
Copyright	Copyright (C) 2022 Greenbone AG