vorbis-tools-1.4.0-29.el8

エラータID: AXSA:2024-8310:01

Release date: 
Monday, June 17, 2024 - 18:36
Subject: 
vorbis-tools-1.4.0-29.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format.

Security Fix(es):

* vorbis-tools: Buffer Overflow vulnerability (CVE-2023-43361)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.

CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

Solution: 

Update packages.

CVEs: 
CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Additional Info: 

N/A

Download: 

SRPMS
  1. vorbis-tools-1.4.0-29.el8.src.rpm
    MD5: f5dea5c1d9db811f1520fa77951a86ee
    SHA-256: d980cf208be491e48515ce524819bc1e53ac6069936ad1e937a6755225080909
    Size: 1.86 MB

Asianux Server 8 for x86_64
  1. vorbis-tools-1.4.0-29.el8.x86_64.rpm
    MD5: 960d3580c60d2fcdf35a19b2e4a6bbc1
    SHA-256: a40ee9c6b3206a5334774d1dd725df6a2b7409577f6aef5d60825d0b491f2468
    Size: 345.07 kB