mpg123-1.32.9-1.el9_5
エラータID: AXSA:2024-9488:02
リリース日:
2024/12/25 Wednesday - 11:01
題名:
mpg123-1.32.9-1.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- mpg123 の libmpg123 には、ヒープ領域の範囲外書き込み
の問題があるため、ローカルの攻撃者により、細工された
ストリームデータの処理を介して、任意のコードの実行を
可能とする脆弱性が存在します。(CVE-2024-10573)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
追加情報:
N/A
ダウンロード:
SRPMS
- mpg123-1.32.9-1.el9_5.src.rpm
MD5: a73a44467d1884cd9a136caa130c3bc2
SHA-256: b0c2b2b619109a3c0dd84b6e1c01d450c5f3e839e0646a9e1976297c770bf0f2
Size: 1.07 MB
Asianux Server 9 for x86_64
- mpg123-1.32.9-1.el9_5.x86_64.rpm
MD5: 8d035fda6109276e8ce4e3f3f3ef889a
SHA-256: d7af3e7c1b1e8bda882c830027e65f689eb463bda90a76f55cb0e13a6725f5cb
Size: 142.45 kB - mpg123-devel-1.32.9-1.el9_5.i686.rpm
MD5: c2f931153de3bd8a73c711a0ebf76928
SHA-256: 54aad988bace2a98bb0d3eb2f03b874cb0d1d3f139e125fb5f14a80c9b28af18
Size: 359.68 kB - mpg123-devel-1.32.9-1.el9_5.x86_64.rpm
MD5: d3105f761092734daadd9fac166b7f91
SHA-256: 03f176e941c8b8f7f7b7cc6ddc2e3832f6f96c423fae9d8274d63a733d66d3dd
Size: 359.77 kB - mpg123-libs-1.32.9-1.el9_5.i686.rpm
MD5: ce4f5527e980cc06abab12f644bf8046
SHA-256: ba48f2a430482f59d3a114f2b92d48a22793b6f0ba48084a2b844bfda8e4b321
Size: 358.44 kB - mpg123-libs-1.32.9-1.el9_5.x86_64.rpm
MD5: 18eeb8088d0bf96457e20c9d5fe67e55
SHA-256: 5dbbb729221c1c19e1fd18473d860fc3aad551ac08730aa9a1e2791139001362
Size: 348.96 kB - mpg123-plugins-pulseaudio-1.32.9-1.el9_5.x86_64.rpm
MD5: 7c5b7723c20dab26b14ba1a405fce681
SHA-256: c3c1b5cd63f2237baf6cdcc647ebd66f4080e490cc15e240183e29fac8509202
Size: 12.98 kB
English