[slackware-security]  mpg123 (SSA:2026-117-01)

New mpg123 packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mpg123-1.33.5-i586-1.txz:  Upgraded.
  mpg123: Fix generic control mode for largefile-sensitive builds, where
  32 bit off_t was used with mpg123 API calls expecting 64 bit off_t.
  I am appalled that it took a user on 32 bit ARM and a specific https
  stream to notice this (bug 385, regression since 1.32.0). The security
  impact of this could be serious, with memory corruption including
  segfault being observed.
  mpg123-id3dump, out123: Enable 64 bit offset usage on largefile-sensitive
  platforms (regression since 1.32.0).
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mpg123-1.33.5-i586-1.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mpg123-1.33.5-x86_64-1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mpg123-1.33.5-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mpg123-1.33.5-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
bd4f65444573e2cc9d3999a0766de186  mpg123-1.33.5-i586-1.txz

Slackware x86_64 15.0 package:
3c17340d48fab50bdc6fdde88f326210  mpg123-1.33.5-x86_64-1.txz

Slackware -current package:
f602fd32c4a0ea9825be656ce9685c69  ap/mpg123-1.33.5-i686-1.txz

Slackware x86_64 -current package:
05b4c479a15ddbc5b6d44ff4b617d1a4  ap/mpg123-1.33.5-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mpg123-1.33.5-i586-1.txz

+-----+

Severity: Critical.
LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2024-11242
http://linux.oracle.com/errata/ELSA-2024-11242.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mpg123-1.32.9-1.el9_5.x86_64.rpm
mpg123-libs-1.32.9-1.el9_5.i686.rpm
mpg123-libs-1.32.9-1.el9_5.x86_64.rpm
mpg123-plugins-pulseaudio-1.32.9-1.el9_5.x86_64.rpm
mpg123-devel-1.32.9-1.el9_5.i686.rpm
mpg123-devel-1.32.9-1.el9_5.x86_64.rpm

aarch64:
mpg123-1.32.9-1.el9_5.aarch64.rpm
mpg123-libs-1.32.9-1.el9_5.aarch64.rpm
mpg123-plugins-pulseaudio-1.32.9-1.el9_5.aarch64.rpm
mpg123-devel-1.32.9-1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//mpg123-1.32.9-1.el9_5.src.rpm

Related CVEs:
CVE-2024-10573

Description of changes:

[1.32.9-1]
- Rebase to 1.32.9, includes patch for CVE-2024-10573
  Resolves: RHEL-65445

[1.26.2-6]
- Add patch for CVE-2024-10573
  Resolves: RHEL-65445

_______________________________________________
El-errata mailing list
Oracle Linux Security Advisory ELSA-2024-11193
http://linux.oracle.com/errata/ELSA-2024-11193.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mpg123-1.32.9-1.el8_10.x86_64.rpm
mpg123-libs-1.32.9-1.el8_10.i686.rpm
mpg123-libs-1.32.9-1.el8_10.x86_64.rpm
mpg123-plugins-pulseaudio-1.32.9-1.el8_10.x86_64.rpm
mpg123-devel-1.32.9-1.el8_10.i686.rpm
mpg123-devel-1.32.9-1.el8_10.x86_64.rpm

aarch64:
mpg123-1.32.9-1.el8_10.aarch64.rpm
mpg123-libs-1.32.9-1.el8_10.aarch64.rpm
mpg123-plugins-pulseaudio-1.32.9-1.el8_10.aarch64.rpm
mpg123-devel-1.32.9-1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//mpg123-1.32.9-1.el8_10.src.rpm

Related CVEs:
CVE-2024-10573

Description of changes:

[1.25.10-2]
- Rebase to 1.32.9, includes patch for CVE-2024-10573
- Resolves: RHEL-65443
==========================================================================
Ubuntu Security Notice USN-7092-2
November 27, 2024

mpg123 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

mpg123 could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- mpg123: MPEG layer 1/2/3 audio player

Details:

USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered
that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that mpg123 incorrectly handled certain mp3 files. If a
 user or automated system were tricked into opening a specially crafted mp3
 file, a remote attacker could use this issue to cause mpg123 to crash,
 resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libmpg123-0                     1.25.13-1ubuntu0.2
  mpg123                          1.25.13-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7092-2
  https://ubuntu.com/security/notices/USN-7092-1
  CVE-2024-10573, https://bugs.launchpad.net/ubuntu/+source/mpg123/+bug/2089680

Package Information:
  https://launchpad.net/ubuntu/+source/mpg123/1.25.13-1ubuntu0.2

Severity: Critical.
Debian LTS Advisory DLA-3967-1

mpg123, a popular MPEG layer 1/2/3 audio player, was affected by a vulnerability. An out-of-bounds write flaw was found in mpg123 when handling crafted ...
MGASA-2024-0358 - Updated mpg123 packages fix security vulnerability

Publication date: 12 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0358.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-10573

An out-of-bounds write flaw was found in mpg123 when handling crafted
streams. When decoding PCM, the libmpg123 may write past the end of a
heap-located buffer. Consequently, heap corruption may happen, and
arbitrary code execution may not be dismissed. The complexity required to
exploit this flaw is considered high as the payload must be validated by
the MPEG decoder and the PCM synth before execution. Additionally, to
successfully execute the attack, the user must scan through the stream,
making web live stream content (such as web radios) a very unlikely attack
vector. (CVE-2024-10573)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33711
- https://www.openwall.com/lists/oss-security/2024/10/30/2
- https://www.openwall.com/lists/oss-security/2024/10/30/3
- https://www.openwall.com/lists/oss-security/2024/10/31/4
- https://www.openwall.com/lists/oss-security/2024/11/01/2
- https://www.cve.org/CVERecord?id=CVE-2024-10573

SRPMS:
- 9/core/mpg123-1.31.3-1.1.mga9
Debian Security Advisory DSA-5811-1

An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.
MGASA-2019-0238 - Updated mpg123 packages fix security vulnerability

Publication date: 31 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0238.html
Type: security
Affected Mageia releases: 6, 7

The mpg123 package has been updated to version 1.25.12, fixing several
issues which could cause it to crash or hang while parsing mp3 files.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25350
- http://www.mpg123.de/cgi-bin/news.cgi#2019-08-24

SRPMS:
- 7/core/mpg123-1.25.12-1.mga7
- 6/core/mpg123-1.25.12-1.mga6