Updated mad packages fix security vulnerability
Publication date: 02 Jan 2018
Modification date: 02 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-8373, CVE-2017-8374
Description
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file (CVE-2017-8373). The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file (CVE-2017-8374).
References
- https://bugs.mageia.org/show_bug.cgi?id=20773
- http://openwall.com/lists/oss-security/2017/05/01/8
- http://openwall.com/lists/oss-security/2017/05/01/9
- https://security-tracker.debian.org/tracker/CVE-2017-8373
- https://security-tracker.debian.org/tracker/CVE-2017-8374
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8373
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8374
SRPMS
5/core
- mad-0.15.1b-17.4.mga5
6/core
- mad-0.15.1b-22.1.mga6