--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-e0d49261b9
2019-03-06 06:57:11.061171
--------------------------------------------------------------------------------

Name        : ming
Product     : Fedora 29
Version     : 0.4.9
Release     : 0.1.20181112git5009802.fc29
URL         :
Summary     : A library for generating Macromedia Flash files
Description :
Ming is a library for generating Macromedia Flash files (.swf), written in C,
and includes useful utilities for working with .swf files.

--------------------------------------------------------------------------------
Update Information:

Fixes: CVE-2018-6358, CVE-2018-7867, CVE-2018-7868, CVE-2018-7870,
CVE-2018-7871, CVE-2018-7872, CVE-2018-7875, CVE-2018-9165.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 25 2019 Dominik Mierzejewski - 0.4.9-0.1.20181112git5009802
- sync with upstream git
- fixes: CVE-2018-6358, CVE-2018-7867, CVE-2018-7868, CVE-2018-7870,
  CVE-2018-7871, CVE-2018-7872, CVE-2018-7875, CVE-2018-9165
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1539898 - CVE-2018-6358 ming: Heap-based buffer overflow in printDefineFont2 function in util/listfdb.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1539898
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-e0d49261b9' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Package : ming
Version : 1:0.4.4-1.1+deb7u3
CVE ID  : CVE-2017-8782

It was found that ming, a library to parse and generate SWF (Flash) files,
is susceptible to an integer overflow that would lead to out-of-bounds
memory writes via a maliciously crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.4.4-1.1+deb7u3.

We recommend that you upgrade your ming packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-d43d46f1ca
2017-04-19 03:08:24.315919
--------------------------------------------------------------------------------

Name        : ming
Product     : Fedora 25
Version     : 0.4.8
Release     : 1.fc25
URL         :
Summary     : A library for generating Macromedia Flash files
Description :
Ming is a library for generating Macromedia Flash files (.swf), written in C,
and includes useful utilities for working with .swf files.

--------------------------------------------------------------------------------
Update Information:

Release 0.4.8 (no ABI or API changes)

* Add PHP7 compatibility
* Fix C++ output of disassembler
* Fix heap overflows in parser.c (CVE-2017-7578)
* Avoid division by zero in listmp3 when no valid frame was found
  (CVE-2016-9265)
* Don't try printing unknown block (CVE-2016-9828)
* Parse Protect tag's Password as string (CVE-2016-9827)
* Check values before deriving malloc parameters from them in parser.c
  (CVE-2016-9829)
* Make readString() stop reading string past buffer's end
* Return EOF when reading unsigned values hits end of memory backed buffer
* Exit immediately when unexpected EOF is by fgetc() in utility programs
  (CVE-2016-9831)
* Fix using EOF marker -1 value as a valid flag byte (CVE-2016-9266)
* Fix division by zero sample rate due to global buffer overflow
  (CVE-2016-9264, CVE-2016-9265)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438687 - CVE-2016-9264 CVE-2016-9265 CVE-2016-9266 CVE-2016-9827 CVE-2016-9828 CVE-2016-9829 CVE-2016-9831 ming: Multiple security vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1438687
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade ming' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Package : ming
Version : 1:0.4.4-1.1+deb7u2
CVE ID  : CVE-2017-7578

It was discovered that there were multiple heap-based buffer overflows in ming,
a library to generate SWF (Flash) files.

The updated packages prevent a crash in the "listswf" utility due to a
heap-based buffer overflow in the parseSWF_RGBA function and several other
functions in parser.c.

AddressSanitizer flagged them as invalid writes "of size 1" but the heap could
be written to multiple times. The overflows are caused by a pointer behind the
bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD.

For Debian 7 "Wheezy", this issue has been fixed in ming version
1:0.4.4-1.1+deb7u2.

We recommend that you upgrade your ming packages.

Regards,

Chris Lamb
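
The bug class described in the CVE-2017-7578 advisory above (a file-supplied count driving writes into a fixed-size array of gradient records), shown in its hardened form as an added example; it is not ming's code and not part of the advisory. The type names, the 8-entry capacity and the 4-bit count layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names and sizes are hypothetical stand-ins, not ming's definitions. */
#define MAX_GRADIENT_RECORDS 8

struct gradient_record { uint8_t ratio, r, g, b, a; };
struct gradient {
    uint8_t count;
    struct gradient_record records[MAX_GRADIENT_RECORDS];
};
struct reader { const uint8_t *buf; size_t len, pos; };

/* Constructed input: count nibble 15 exceeds the 8-entry array. */
const uint8_t sample_oversized[1] = { 0x0f };

/* Read one byte; fail at end of buffer instead of running past it. */
static int read_u8(struct reader *rd, uint8_t *out)
{
    if (rd->pos >= rd->len)
        return -1;
    *out = rd->buf[rd->pos++];
    return 0;
}

/* Returns the record count, -1 on truncated input, -2 if the file's
 * count does not fit the fixed array. */
int parse_gradient(const uint8_t *buf, size_t len, struct gradient *out)
{
    struct reader rd = { buf, len, 0 };
    uint8_t flags, count;

    memset(out, 0, sizeof *out);
    if (read_u8(&rd, &flags) != 0)
        return -1;
    count = flags & 0x0f;   /* assumed layout: 4-bit count, so 0..15 */
    /* Without this check, records[8..14] would be written past the array. */
    if (count > MAX_GRADIENT_RECORDS)
        return -2;
    for (uint8_t i = 0; i < count; i++) {
        struct gradient_record *rec = &out->records[i];
        if (read_u8(&rd, &rec->ratio) || read_u8(&rd, &rec->r) ||
            read_u8(&rd, &rec->g) || read_u8(&rd, &rec->b) ||
            read_u8(&rd, &rec->a))
            return -1;
    }
    out->count = count;
    return count;
}
```

Rejecting the count before the loop matters because each record write is small, so an unchecked loop produces a series of one-byte invalid writes of the kind AddressSanitizer reported.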