Advisories » MGASA-2019-0018

Updated libao packages fix security vulnerability

Publication date: 06 Jan 2019
Modification date: 06 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-11548

Description

A flaw was found in libao. The _tokenize_matrix function in audio_out.c
in Xiph.Org libao 1.2.0 can cause a denial of service(memory corruption)
via a crafted mp3 file (CVE-2017-11548).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23402
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LIZBEBMU7CW7K7KQ53E4OPSRTR6DZRNO/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11548

SRPMS

6/core

• libao-1.2.2-3.1.mga6