Updated ming packages fix security vulnerability
Publication date: 03 Mar 2017Modification date: 03 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9264 , CVE-2016-9265 , CVE-2016-9266 , CVE-2016-9827 , CVE-2016-9828 , CVE-2016-9829 , CVE-2016-9831
Description
Global-buffer-overflow in printMP3Headers. (CVE-2016-9264)
Divide-by-zero in printMP3Headers. (CVE-2016-9265)
Left shift in listmp3.c. (CVE-2016-9266)
Heap-based buffer overflow in _iprintf. (CVE-2016-9827)
NULL pointer dereference in dumpBuffer. (CVE-2016-9828)
Heap-based buffer overflow in parseSWF_DEFINEFONT. (CVE-2016-9829)
Heap-based buffer overflow in parseSWF_RGBA. (CVE-2016-9831)
References
- https://bugs.mageia.org/show_bug.cgi?id=19751
- http://openwall.com/lists/oss-security/2016/11/10/9
- http://openwall.com/lists/oss-security/2016/11/10/10
- http://openwall.com/lists/oss-security/2016/11/10/11
- http://openwall.com/lists/oss-security/2016/12/05/2
- http://openwall.com/lists/oss-security/2016/12/05/3
- http://openwall.com/lists/oss-security/2016/12/05/4
- http://openwall.com/lists/oss-security/2016/12/05/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9264
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9265
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9266
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9827
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9828
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9829
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9831
SRPMS
5/core
- ming-0.4.5-8.1.mga5