[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2039-1] libvorbis security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libvorbis
Version        : 1.3.4-2+deb8u3
CVE ID         : CVE-2017-11333 CVE-2017-14633


Two issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec.

2017-14633

     In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
     vulnerability exists in the function mapping0_forward() in
     mapping0.c, which may lead to DoS when operating on a crafted
     audio file with vorbis_analysis().

2017-11333

     The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
     libvorbis 1.3.5 allows remote attackers to cause a denial of
     service (OOM) via a crafted wav file.


For Debian 8 "Jessie", these problems have been fixed in version
1.3.4-2+deb8u3.

We recommend that you upgrade your libvorbis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl35HflfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdbkBAAknZTSvwoaUD6ITtS9v9lnauD2s33Y/pSI3dxcSY/Nulbc3xNyMspve0T
08pbTSWKb1b0SZWw08vr7cAFdu7xusmq2h978AdiAhwtf/htPn2rRZ3mMJNzkBOe
Ltmbllq5R2OFqlOmyelsIyozoyAmayYVJUirR7MwkNv40Fb1/J8r1c9G2M+2lbJZ
NKtjPyxnFq1WMgOCLXo8gFf4l/mvf0eAM8+ScbaSZkeYNJsauQH+RNwkx0W1S0Jx
bZgIZYsrsXku7UlZJpMu0TKLJX1quTHwOlqQOidvaP5Z7j5e28r2Jyjq8OyVE/JY
JvX9YHHvIEFRTFRevarRfbgz3W76GCle5PSFvcqILe+pS9KEGxFDdjMOHg4aBvQG
LoJSoon1T/VOHzUhHRu8/FDWlkes80m6QHikX2Mw+LshpS8vuO6r97yr15UZ7Z6m
fgqYScumxGKIH6l3J6GNM+zolaVNz9/m2FYqrnVDoDAszYDIvJlOg8iHARPF96f0
mkymp1CZpWtFL6etGQdXkx3TbA6CzQfY38idSI+aHsbCcvadMOPDKnm5MXMoV/Th
T/ou0lmePEiaQvR2549EFLSwChJxbmNkSZttyXBqKGi35F1dXVATz9Ll+E0jt8wJ
c2d6LEzbVVh4A7S9nzCvA/JchxLY38c6SZ2AMTW1L+rjOMLqgRM=
=V+B7
-----END PGP SIGNATURE-----


Reply to: