libvorbis-1.2.3-5.AXS4.1
エラータID: AXSA:2018-2651:01
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.
Security Fix(es):
* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Asianux would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.
CVE-2018-5146
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
Update packages.
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
N/A
SRPMS
- libvorbis-1.2.3-5.AXS4.1.src.rpm
MD5: 8c285096db7e8ec7898faef9a28dc3fc
SHA-256: 097a77c2ce748713b4629338d7822173324800e26a19f54a513634d7f8ce79ef
Size: 1.15 MB
Asianux Server 4 for x86
- libvorbis-1.2.3-5.AXS4.1.i686.rpm
MD5: cc7b5c40272e50a1d81540b969f5c0ab
SHA-256: 248fdf9fb14c6836287d0d92d40d1ffa2681822b9b824be95d997ea1581a8236
Size: 156.40 kB
Asianux Server 4 for x86_64
- libvorbis-1.2.3-5.AXS4.1.x86_64.rpm
MD5: 4576e213d54b9a7981a7520d24885425
SHA-256: 62ecce72cba0da6d827c9bd1b36e8771abff3aa81cc13b3f5f46ce781d9de90e
Size: 166.89 kB - libvorbis-1.2.3-5.AXS4.1.i686.rpm
MD5: cc7b5c40272e50a1d81540b969f5c0ab
SHA-256: 248fdf9fb14c6836287d0d92d40d1ffa2681822b9b824be95d997ea1581a8236
Size: 156.40 kB
日本語