openSUSE Leap 42.3: Important Security Update for Lame: Heap Overflow

opensuse
February 26, 2018
An update that fixes 12 vulnerabilities is now available.

Description

This update for lame fixes the following issues:

Lame was updated to version 3.100:

* Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection
* New switch --gain, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale.
* Fix for sf#3558466 Bug in path handling
* Fix for sf#3567844 problem with Tag genre
* Fix for sf#3565659 no progress indication with pipe input
* Fix for sf#3544957 scale (empty) silent encode without warning
* Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore
* Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8)
* Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401)
* Fix dereference of a null pointer possible in...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-214=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 x86_64):

lame-3.100-7.1

lame-debuginfo-3.100-7.1

lame-debugsource-3.100-7.1

lame-doc-3.100-7.1

lame-mp3rtp-3.100-7.1

lame-mp3rtp-debuginfo-3.100-7.1

libmp3lame-devel-3.100-7.1

libmp3lame0-3.100-7.1

libmp3lame0-debuginfo-3.100-7.1

- openSUSE Leap 42.3 (x86_64):

libmp3lame0-32bit-3.100-7.1

libmp3lame0-debuginfo-32bit-3.100-7.1
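
To confirm the patch landed, the following added example (not part of the openSUSE advisory) checks an RPM inventory against the package list above and reports any listed package still below 3.100-7.1. The sample inventory and its 3.99.5 versions are constructed; `sort -V` stands in for RPM's own version comparison and epochs are ignored.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="3.100-7.1"
# Package names, taken from the advisory's package list.
PKGS="lame lame-debuginfo lame-debugsource lame-doc lame-mp3rtp
lame-mp3rtp-debuginfo libmp3lame-devel libmp3lame0 libmp3lame0-debuginfo
libmp3lame0-32bit libmp3lame0-debuginfo-32bit"
PKGS=$(echo $PKGS)   # collapse newlines into single spaces

# Reads "name version-release" lines on stdin and prints every advisory
# package whose version sorts below $FIXED. Prints nothing when all are fixed.
lame_unpatched() {
    while read -r name ver; do
        [ -n "$ver" ] || continue            # skip malformed lines
        case " $PKGS " in
            *" $name "*) ;;                  # package is in the advisory
            *) continue ;;                   # unrelated package
        esac
        # Version sort: 3.99.5 sorts before 3.100 (a plain string
        # comparison would get this wrong).
        lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
        if [ "$lowest" != "$FIXED" ]; then
            printf '%s %s\n' "$name" "$ver"
        fi
    done
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
lame 3.99.5-28.3
libmp3lame0 3.100-7.1
libmp3lame0-32bit 3.99.5-28.3
lame-doc 3.100-8.2
zlib 1.2.8-1.1
EOF
}

# On a real host, replace sample_inventory with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
sample_inventory | lame_unpatched
```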

References

https://www.suse.com/security/cve/CVE-2015-9100.html

https://www.suse.com/security/cve/CVE-2015-9101.html

https://www.suse.com/security/cve/CVE-2017-11720.html

https://www.suse.com/security/cve/CVE-2017-13712.html

https://www.suse.com/security/cve/CVE-2017-15019.html

https://www.suse.com/security/cve/CVE-2017-9410.html

https://www.suse.com/security/cve/CVE-2017-9411.html

https://www.suse.com/security/cve/CVE-2017-9412.html

https://www.suse.com/security/cve/CVE-2017-9869.html

https://www.suse.com/security/cve/CVE-2017-9870.html

https://www.suse.com/security/cve/CVE-2017-9871.html

https://www.suse.com/security/cve/CVE-2017-9872.html

https://bugzilla.suse.com/1082311

https://bugzilla.suse.com/1082317

https://bugzilla.suse.com/1082333

https://bugzilla.suse.com/1082340

https://bugzilla.suse.com/1082391

https://bugzilla.suse.com/1082392

https://bugzilla.suse.com/1082393

https://bugzilla.suse.com/1082395

https://bugzilla.suse.com/1082397

https://bugzilla.suse.com/1082399

https://bugzilla.suse.com/1082400

https://bu...


Severity
important

Announcement ID: openSUSE-SU-2018:0544-1
Rating: important
Affected Products: openSUSE Leap 42.3
