libvorbis-1.3.3-8.el7.1

エラータID: AXSA:2018-2816:01

Release date: 
Tuesday, April 17, 2018 - 12:38
Subject: 
libvorbis-1.3.3-8.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.

Security Fix(es):

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.

CVE-2018-5146
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
Additional Info: 

N/A

Download: 

SRPMS
  1. libvorbis-1.3.3-8.el7.1.src.rpm
    MD5: f7144e08bdeb63706cb61ceb287187a2
    SHA-256: b461b5a34c1046ccd5b48ce75b49240cce91d09fe4028c5710671669986a6d52
    Size: 1.05 MB

Asianux Server 7 for x86_64
  1. libvorbis-1.3.3-8.el7.1.x86_64.rpm
    MD5: b3545b4632e1c78e2d5654a594839086
    SHA-256: f371db4586abf27eb4a172110c403222c55586c35c87d6fa1658706232c6c46f
    Size: 203.24 kB
  2. libvorbis-1.3.3-8.el7.1.i686.rpm
    MD5: 9fc356e413e361828fb2a9b64508bc0e
    SHA-256: f65d6a2c4c610998e1cb246223cf1466a08d29b8441bce382b86f539f4021ce4
    Size: 193.73 kB