mpg123-1.32.9-1.el8_10
エラータID: AXSA:2024-9431:01
リリース日:
2024/12/19 Thursday - 22:44
題名:
mpg123-1.32.9-1.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- mpg123 の libmpg123 には、ヒープ領域の範囲外書き込み
の問題があるため、ローカルの攻撃者により、細工された
ストリームデータの処理を介して、任意のコードの実行を
可能とする脆弱性が存在します。(CVE-2024-10573)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
追加情報:
N/A
ダウンロード:
SRPMS
- mpg123-1.32.9-1.el8_10.src.rpm
MD5: 69ecd52d461154069e8c201ea22f8631
SHA-256: 793d8eee9112c4cc69233ec8944b6580f038811bbd8436d9797d11cb804e74a4
Size: 1.08 MB
Asianux Server 8 for x86_64
- mpg123-1.32.9-1.el8_10.x86_64.rpm
MD5: 8ede0e66f8e03998a3aab7e3dab7efa7
SHA-256: 83cde0b3683a2bf3243031014c929e9fb5735e6caba81974fc549d5a2ddc9fb9
Size: 151.39 kB - mpg123-devel-1.32.9-1.el8_10.i686.rpm
MD5: 34941849e8b30a0adc52a17e6aaf1bf0
SHA-256: 6a36e9225aedfe14af1582e4509061f545568d9a84b5f3e8764d5bff1ae72fad
Size: 320.98 kB - mpg123-devel-1.32.9-1.el8_10.x86_64.rpm
MD5: 00428e3b14b2e44d3f478b9714537b65
SHA-256: 002f93a3cd7595a03c9f725533d2626b86c3e4e64a82e70b122a9854492c1d47
Size: 320.97 kB - mpg123-libs-1.32.9-1.el8_10.i686.rpm
MD5: 6d99ea4866bc199c5194b82e672017c4
SHA-256: be24e87eb26a9b0fe72a7e069c8fba6f8fe094ff17ff223152a4e7045fa9c253
Size: 366.03 kB - mpg123-libs-1.32.9-1.el8_10.x86_64.rpm
MD5: 81cb2d2ea501e3238b248291c7ffad97
SHA-256: e06009303a78a3d5b7c1438fb1f5e22bb28c6cab896c540d2df87b0abde27a97
Size: 364.07 kB - mpg123-plugins-pulseaudio-1.32.9-1.el8_10.x86_64.rpm
MD5: da227cdaabb4f3bb64dd9af81b96fa22
SHA-256: 946cb4e751f2506d61a0a12f14a05767298443bbac59101b448f5ad73ae262f3
Size: 18.57 kB
English