taglib-1.8-8.20130218git.el7

エラータID: AXSA:2020-4549:01

Release date: 
Thursday, April 2, 2020 - 06:26
Subject: 
taglib-1.8-8.20130218git.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

TagLib is a library for reading and editing the meta-data of different audio formats.

Security Fix(es):

* taglib: heap-based buffer over-read via a crafted audio file (CVE-2018-11439)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-11439
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

Solution: 

Update packages.

CVEs: 
CVE-2018-11439
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
Additional Info: 

N/A

Download: 

SRPMS
  1. taglib-1.8-8.20130218git.el7.src.rpm
    MD5: 7340f773d45eb80627e7b7aeb2444407
    SHA-256: ae59c54acb406a5fde6da6c9bae20f3e70b6c9127d0a502e02134e15f10284ed
    Size: 639.42 kB

Asianux Server 7 for x86_64
  1. taglib-1.8-8.20130218git.el7.x86_64.rpm
    MD5: b3c30a531ec13ddade733af787c1115e
    SHA-256: 55bf5251346c278aabeafd0bcc8f6758c01af6e770cdba30ba29911d5a509b38
    Size: 309.21 kB
  2. taglib-1.8-8.20130218git.el7.i686.rpm
    MD5: d1e09da7ece1b7ad6b121d1591f74b12
    SHA-256: 829424d278ef90dbed28d449d24cc8460b4d56e83080bbfbc70f33349445345b
    Size: 312.84 kB