Advisories » MGASA-2019-0059

Updated libvorbis packages fix security vulnerabilities

Publication date: 31 Jan 2019
Modification date: 31 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-11735 , CVE-2017-11333

Description

The vorbis library version 1.3.6  fix security vulnerabilities:
- CVE-2017-11735 libvorbis: NULL pointer dereference in
vorbis_block_clear function in lib/block.c 
- CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote
function in lib/block.c
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24252
• https://lists.opensuse.org/opensuse-updates/2018-05/msg00067.html
• http://lists.suse.com/pipermail/sle-security-updates/2018-June/004158.html
• https://lists.opensuse.org/opensuse-updates/2018-06/msg00047.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11735
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333

SRPMS

6/core

• libvorbis-1.3.6-1.mga6