Fedora 23: vorbis-tools Security Update
Summary
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
general-purpose compressed audio format for audio and music at fixed
and variable bitrates from 16 to 128 kbps/channel.
The vorbis package contains an encoder, a decoder, a playback tool, and a
comment editor.
Update Information:
- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)
Change Log
References
[ 1 ] Bug #1258424 - vorbis-tools: Bufer overflow in aiff_open function https://bugzilla.redhat.com/show_bug.cgi?id=1258424 [ 2 ] Bug #1258443 - CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1258443
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update vorbis-tools' at the command line. For more information, refer to "Managing Software with yum", available at .