Fedora 23: vorbis-tools Security Update - Critical Buffer Overflow Fix
fedora
September 4, 2015
- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
Summary
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
general-purpose compressed audio format for audio and music at fixed
and variable bitrates from 16 to 128 kbps/channel.
The vorbis package contains an encoder, a decoder, a playback tool, and a
comment editor.
Update Information:
- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
Topics Covered
Change Log
References
[ 1 ] Bug #1258424 - vorbis-tools: Bufer overflow in aiff_open function
https://bugzilla.redhat.com/show_bug.cgi?id=1258424
[ 2 ] Bug #1258443 - CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1258443
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update vorbis-tools' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: vorbis-tools
Product: Fedora 23
Version: 1.4.0
Release: 22.fc23
Summary: The Vorbis General Audio Compression Codec tools
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!