Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0294)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0294

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2018-0294)

Summary: The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.

Description: Summary:
The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows
remote attackers to cause a denial of service (out-of-bounds access and
application crash) or possibly have unspecified other impact via a crafted mp4
file. (CVE-2017-14160)

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the
number of channels, which allows remote attackers to cause a denial of service
(heap-based buffer overflow or over-read) or possibly have unspecified other
impact via a crafted file. (CVE-2018-10392)

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based
buffer over-read. (CVE-2018-10393)

Affected Software/OS:
'libvorbis' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-14160
BugTraq ID: 101045
http://www.securityfocus.com/bid/101045
https://security.gentoo.org/glsa/202003-36
http://openwall.com/lists/oss-security/2017/09/21/2
https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-10392
https://gitlab.xiph.org/xiph/vorbis/issues/2335
RedHat Security Advisories: RHSA-2019:3703
https://access.redhat.com/errata/RHSA-2019:3703
Common Vulnerability Exposure (CVE) ID: CVE-2018-10393
https://gitlab.xiph.org/xiph/vorbis/issues/2334

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0294
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0294)
Summary:	The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory.
Description:	Summary: The remote host is missing an update for the 'libvorbis' package(s) announced via the MGASA-2018-0294 advisory. Vulnerability Insight: The updated packages fix security vulnerabilities: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. (CVE-2017-14160) mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. (CVE-2018-10392) bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. (CVE-2018-10393) Affected Software/OS: 'libvorbis' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-14160 BugTraq ID: 101045 http://www.securityfocus.com/bid/101045 https://security.gentoo.org/glsa/202003-36 http://openwall.com/lists/oss-security/2017/09/21/2 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2018-10392 https://gitlab.xiph.org/xiph/vorbis/issues/2335 RedHat Security Advisories: RHSA-2019:3703 https://access.redhat.com/errata/RHSA-2019:3703 Common Vulnerability Exposure (CVE) ID: CVE-2018-10393 https://gitlab.xiph.org/xiph/vorbis/issues/2334
Copyright	Copyright (C) 2022 Greenbone AG