Updated game-music-emu packages fix security vulnerabilities
Publication date: 29 Dec 2016Modification date: 29 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9957 , CVE-2016-9958 , CVE-2016-9959 , CVE-2016-9960 , CVE-2016-9961
Description
Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened (CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961).
References
- https://bugs.mageia.org/show_bug.cgi?id=19952
- http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
- https://www.debian.org/security/2016/dsa-3735
- http://openwall.com/lists/oss-security/2016/12/15/11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9957
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9958
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9959
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9961
SRPMS
5/core
- game-music-emu-0.6.1-1.mga5