Advisories » MGASA-2014-0067

Updated mpg123 packages fix a buffer overflow

Publication date: 13 Feb 2014
Modification date: 16 Feb 2014
Type: security
Affected Mageia releases : 3 , 4

Description

Updated mpg123 packages fix security vulnerability:

mpg123 1.14.1 and later are vulnerable to a buffer overflow that could allow
a maliciously crafted audio file to crash applications that use the libmpg123
library.

mpg123 has been updated to version 1.18.0, which fixes this issue, as well as
several others.
                

References

• http://mpg123.org/cgi-bin/news.cgi
• https://bugs.mageia.org/show_bug.cgi?id=12503

SRPMS

4/core

• mpg123-1.18.0-1.mga4

3/core

• mpg123-1.18.0-1.mga3