Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0046)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0046

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0046)

Resumen: The remote host is missing an update for the 'audacious-plugins' package(s) announced via the MGASA-2017-0046 advisory.

Descripción: Summary:
The remote host is missing an update for the 'audacious-plugins' package(s) announced via the MGASA-2017-0046 advisory.

Vulnerability Insight:
Chris Evans discovered that incorrect emulation of the SPC700 audio
co-processor of the Super Nintendo Entertainment System allows the
execution of arbitrary code if a malformed SPC music file is opened
(CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960,
CVE-2016-9961).

These issues were previously fixed in MGASA-2016-0428 in the
game-music-emu library, but audacious-plugins contains a decoder built
with a bundled copy, which has been patched to fix the issues.

Affected Software/OS:
'audacious-plugins' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9957
BugTraq ID: 95305
http://www.securityfocus.com/bid/95305
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/
https://security.gentoo.org/glsa/201707-02
https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html
http://www.openwall.com/lists/oss-security/2016/12/15/11
SuSE Security Announcement: SUSE-SA:2016:3250 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html
SuSE Security Announcement: openSUSE-SA:2017:0022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9958
Common Vulnerability Exposure (CVE) ID: CVE-2016-9959
Common Vulnerability Exposure (CVE) ID: CVE-2016-9960
SuSE Security Announcement: SUSE-SU-2016:3250 (Google Search)
SuSE Security Announcement: openSUSE-SU-2017:0022 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-9961
https://scarybeastsecurity.blogspot.cz/2016/12/redux-compromising-linux-using-snes.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0046
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0046)
Resumen:	The remote host is missing an update for the 'audacious-plugins' package(s) announced via the MGASA-2017-0046 advisory.
Descripción:	Summary: The remote host is missing an update for the 'audacious-plugins' package(s) announced via the MGASA-2017-0046 advisory. Vulnerability Insight: Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened (CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961). These issues were previously fixed in MGASA-2016-0428 in the game-music-emu library, but audacious-plugins contains a decoder built with a bundled copy, which has been patched to fix the issues. Affected Software/OS: 'audacious-plugins' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9957 BugTraq ID: 95305 http://www.securityfocus.com/bid/95305 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/ https://security.gentoo.org/glsa/201707-02 https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html http://www.openwall.com/lists/oss-security/2016/12/15/11 SuSE Security Announcement: SUSE-SA:2016:3250 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html SuSE Security Announcement: openSUSE-SA:2017:0022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9958 Common Vulnerability Exposure (CVE) ID: CVE-2016-9959 Common Vulnerability Exposure (CVE) ID: CVE-2016-9960 SuSE Security Announcement: SUSE-SU-2016:3250 (Google Search) SuSE Security Announcement: openSUSE-SU-2017:0022 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2016-9961 https://scarybeastsecurity.blogspot.cz/2016/12/redux-compromising-linux-using-snes.html
Copyright	Copyright (C) 2022 Greenbone AG