|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0561 (sox)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0561: Updated sox packages fix CVE-2014-8145 


Date:
    	      Wed, 31 Dec 2014 13:28:30 +0100


Message-ID:
    	      <20141231122830.76DB341034@valstar.mageia.org>


MGASA-2014-0561 - Updated sox packages fix CVE-2014-8145

Publication date: 31 Dec 2014
URL: http://advisories.mageia.org/MGASA-2014-0561.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-8145

Description:
Updated sox packages fix security vulnerability:

The sox command line tool is affected by two heap-based buffer overflows,
respectively located in functions start_read() and AdpcmReadBlock(). A
specially crafted wav file can be used to trigger the vulnerabilities
(CVE-2014-8145).

References:
- https://bugs.mageia.org/show_bug.cgi?id=14871
- http://www.ocert.org/advisories/ocert-2014-010.html
- https://www.debian.org/security/2014/dsa-3112
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8145

SRPMS:
- 4/core/sox-14.4.1-3.1.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds