Mageia alert MGASA-2015-0094 (vorbis-tools) [LWN.net]

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2015-0094: Updated vorbis-tools packages fix security vulnerabilities 
Date:
    	       Thu, 5 Mar 2015 20:34:40 +0100
Message-ID:
    	       <20150305193440.72D7C4062D@valstar.mageia.org>
MGASA-2015-0094 - Updated vorbis-tools packages fix security vulnerabilities

Publication date: 05 Mar 2015
URL: http://advisories.mageia.org/MGASA-2015-0094.html

Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9638,
     CVE-2014-9639

Description:
Updated vorbis-tools package fixes security vulnerabilities:

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of
service (divide-by-zero error and crash) via a WAV file with the number of
channels set to zero (CVE-2014-9638).

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to
cause a denial of service (crash) via a crafted number of channels in a WAV
file, which triggers an out-of-bounds memory access (CVE-2014-9639).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15403

- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9638

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9639

SRPMS:
- 4/core/vorbis-tools-1.4.0-6.2.mga4

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2015-0094: Updated vorbis-tools packages fix security vulnerabilities
Date:		Thu, 5 Mar 2015 20:34:40 +0100
Message-ID:		<20150305193440.72D7C4062D@valstar.mageia.org>