[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1312-1] libvorbisidec security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libvorbisidec
Version        : 1.0.2+svn18153-0.2+deb7u1
CVE ID         : CVE-2018-5147


Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the
codebook parsing code of the Libtremor multimedia library could result
in the execution of arbitrary code if a malformed Vorbis file is opened.


For Debian 7 "Wheezy", these problems have been fixed in version
1.0.2+svn18153-0.2+deb7u1.

We recommend that you upgrade your libvorbisidec packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJatBzrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHiPwP/0G+HIZshmRqsrkB7MMCVmQm
Sc4nhM9jP4+AN0307ApGqPXgvp6CAWtPpd3twf4YIk883J9Y498VMKvMReoJm9Bl
j9FCRIAbQJ7va7JyUzClIFGSY6dyVuOBjP+EoLot/dzkKEcqrCiu7IRRMB+RLULV
n512AewSkArlcsVdVYVi1i8w8YBiLsjpnzfMx53oKfGt6Yc+912bjZd7OQL0iP/T
+sOjklrh6Z2dGrpdrx66aJPWe84aZjv45wYae+34sTizP+CpP9GOiHnLv/8tigU3
uZL1swqytplIgvvEde+0X9r7hD1ZdBxqXrZia3bpk38/F4lYmZOLet5avFXI9FqL
njxVCkChFhRzb5qVjvCA/jYo/a0+VoZ0ad+2wglxfZcnj2iEnfHBK7NS7Fxyufk1
sMRVZquve/5Qjz+PmZOGQbbcyKWkN8Wm8SypWonwV9t+hWxrpskFtVWD+3WJL+oS
/IHuQdA24rp6oMrror9z4e2RL/RdIJ3qUGqh70WGniAq57soy9p4C9s98sONfCAA
MROTvp7gQt+REDKXBB43hqMM5kSU85BUO+TRvXnOn2dCoo1H5DinvYkTZfFQLAZP
eiH+RaqwAa/v2oUIFxbe7QJcACuCnCjQ+/9AAIQq8WTkfEtuKqBlD8BfmAYovAuG
hh1nWNAHbOaDKeWwRSZv
=+zTi
-----END PGP SIGNATURE-----


Reply to: