
openSUSE: 2018:0543-1 Important: Lame Buffer Overflow Fix

February 26, 2018
This security update for lame addresses several vulnerabilities, including fixes for buffer overflow and memory-handling issues.
An update that fixes 12 vulnerabilities is now available.

Description

This update for lame fixes the following issues:

Lame was updated to version 3.100:

* Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection

* New switch --gain, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale.

* Fix for sf#3558466 Bug in path handling

* Fix for sf#3567844 problem with Tag genre

* Fix for sf#3565659 no progress indication with pipe input

* Fix for sf#3544957 scale (empty) silent encode without warning

* Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore

* Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)

* Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)

* Fix dereference of a null pointer possible in...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-214=1

To bring your system up-to-date, use "zypper patch".

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

lame-3.100-6.1

lame-debuginfo-3.100-6.1

lame-debugsource-3.100-6.1

lame-doc-3.100-6.1

lame-mp3rtp-3.100-6.1

lame-mp3rtp-debuginfo-3.100-6.1

libmp3lame-devel-3.100-6.1

libmp3lame0-3.100-6.1

libmp3lame0-debuginfo-3.100-6.1
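
A post-update check for the packages listed above, as an added example that is not part of the advisory. It reads `name version-release` lines and flags any listed package older than 3.100-6.1; the function names, the sample input, and the use of `sort -V` as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag lame packages older than the fixed build in this advisory.
FIXED="3.100-6.1"   # version-release taken from the advisory's package list
PKGS="lame lame-debuginfo lame-debugsource lame-doc lame-mp3rtp
lame-mp3rtp-debuginfo libmp3lame-devel libmp3lame0 libmp3lame0-debuginfo"

# Constructed sample input (not from a real host): one outdated package,
# one fixed package, and one package unrelated to this advisory.
SAMPLE='lame 3.99.5-1.1
libmp3lame0 3.100-6.1
zypper 1.13.40-18.1'

# ver_lt A B: true if A sorts strictly before B under `sort -V`.
# Assumption: sort -V orders these version strings the same way rpm does.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin, prints one status line per
# advisory package found, and returns 1 if any of them is below FIXED.
check_lame_pkgs() {
    rc=0
    while read -r name ver; do
        for p in $PKGS; do
            [ "$name" = "$p" ] || continue
            if ver_lt "$ver" "$FIXED"; then
                echo "OUTDATED $name $ver (needs >= $FIXED)"
                rc=1
            else
                echo "OK $name $ver"
            fi
        done
    done
    return $rc
}

# On a patched host, feed it the installed package set:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_lame_pkgs
```

A non-zero exit status means at least one listed package still needs the update.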

References

https://www.suse.com/security/cve/CVE-2015-9100.html

https://www.suse.com/security/cve/CVE-2015-9101.html

https://www.suse.com/security/cve/CVE-2017-11720.html

https://www.suse.com/security/cve/CVE-2017-13712.html

https://www.suse.com/security/cve/CVE-2017-15019.html

https://www.suse.com/security/cve/CVE-2017-9410.html

https://www.suse.com/security/cve/CVE-2017-9411.html

https://www.suse.com/security/cve/CVE-2017-9412.html

https://www.suse.com/security/cve/CVE-2017-9869.html

https://www.suse.com/security/cve/CVE-2017-9870.html

https://www.suse.com/security/cve/CVE-2017-9871.html

https://www.suse.com/security/cve/CVE-2017-9872.html

https://bugzilla.suse.com/1082311

https://bugzilla.suse.com/1082317

https://bugzilla.suse.com/1082333

https://bugzilla.suse.com/1082340

https://bugzilla.suse.com/1082391

https://bugzilla.suse.com/1082392

https://bugzilla.suse.com/1082393

https://bugzilla.suse.com/1082395

https://bugzilla.suse.com/1082397

https://bugzilla.suse.com/1082399

https://bugzilla.suse.com/1082400

https://bu...


Severity
important

Announcement ID: openSUSE-SU-2018:0543-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12
