Advisories » MGASA-2015-0430

Updated libebml packages fix security vulnerability

Publication date: 05 Nov 2015
Modification date: 05 Nov 2015
Type: security
Affected Mageia releases : 5

Description

In EbmlMaster::Read() in libebml before 1.3.3, when the parser encountered
a deeply nested element with an infinite size then a following element of
an upper level was not propagated correctly. Instead the element with the
infinite size was added into the EBML element tree a second time resulting
in memory access after freeing it and multiple attempts to free the same
memory address during destruction (TALOS-CAN-0037).

In EbmlUnicodeString::UpdateFromUTF8() in libebml before 1.3.3, when
reading from a UTF-8 string in which the length indicated by a UTF-8
character's first byte exceeds the string's actual number of bytes the
parser would access beyond the end of the string resulting in a heap
information leak (TALOS-CAN-0036).

The libebml package has been updated to version 1.3.3, which fixes these
issues and other bugs, including another invalid memory access issue.

The libmatroska package has also been rebuilt against the updated libebml
and updated to version 1.4.4, which also fixes an invalid memory access
issue and other bugs.  See the release announcements for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17004
• http://talosintel.com/vulnerability-reports/
• http://lists.matroska.org/pipermail/matroska-users/2015-October/006981.html
• http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html

SRPMS

5/core

• libebml-1.3.3-1.mga5
• libmatroska-1.4.4-1.mga5