Updated audacious-plugins packages fix security vulnerability
Publication date: 11 Feb 2017Modification date: 11 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9957 , CVE-2016-9958 , CVE-2016-9959 , CVE-2016-9960 , CVE-2016-9961
Description
Chris Evans discovered that incorrect emulation of the SPC700 audio
co-processor of the Super Nintendo Entertainment System allows the
execution of arbitrary code if a malformed SPC music file is opened
(CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960,
CVE-2016-9961).
These issues were previously fixed in MGASA-2016-0428 in the
game-music-emu library, but audacious-plugins contains a decoder built
with a bundled copy, which has been patched to fix the issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=20177
- http://advisories.mageia.org/MGASA-2016-0428.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9957
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9958
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9959
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9961
SRPMS
5/core
- audacious-plugins-3.5.2-2.1.mga5
5/tainted
- audacious-plugins-3.5.2-2.1.mga5.tainted