Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0294)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0294

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0294)

Resumen: The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows
remote attackers to cause a denial of service (out-of-bounds access and
application crash) or possibly have unspecified other impact via a crafted mp4
file. (CVE-2017-14160)

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the
number of channels, which allows remote attackers to cause a denial of service
(heap-based buffer overflow or over-read) or possibly have unspecified other
impact via a crafted file. (CVE-2018-10392)

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based
buffer over-read. (CVE-2018-10393)

Affected Software/OS:
'libvorbis' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-14160
BugTraq ID: 101045
http://www.securityfocus.com/bid/101045
https://security.gentoo.org/glsa/202003-36
http://openwall.com/lists/oss-security/2017/09/21/2
https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-10392
https://gitlab.xiph.org/xiph/vorbis/issues/2335
RedHat Security Advisories: RHSA-2019:3703
https://access.redhat.com/errata/RHSA-2019:3703
Common Vulnerability Exposure (CVE) ID: CVE-2018-10393
https://gitlab.xiph.org/xiph/vorbis/issues/2334

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0294
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0294)
Resumen:	The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. (CVE-2017-14160) mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. (CVE-2018-10392) bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. (CVE-2018-10393) Affected Software/OS: 'libvorbis' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14160 BugTraq ID: 101045 http://www.securityfocus.com/bid/101045 https://security.gentoo.org/glsa/202003-36 http://openwall.com/lists/oss-security/2017/09/21/2 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2018-10392 https://gitlab.xiph.org/xiph/vorbis/issues/2335 RedHat Security Advisories: RHSA-2019:3703 https://access.redhat.com/errata/RHSA-2019:3703 Common Vulnerability Exposure (CVE) ID: CVE-2018-10393 https://gitlab.xiph.org/xiph/vorbis/issues/2334
Copyright	Copyright (C) 2022 Greenbone AG