Debian-LTS alert DLA-655-1 (mpg123)
| From: | Jonas Meurer <mejo@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 655-1] mpg123 security update |
| Date: | Sat, 15 Oct 2016 13:09:14 +0200 |
| Message-ID: | <bc563b69-2257-3978-6400-dc4ba05aae54@debian.org> |

Several security vulnerabilities have been discovered in mpg123, an MPEG layer 1/2/3 audio decoder and player. An attacker could take advantage of these flaws to cause a denial of service against mpg123 or applications using the libmpg123 library with a carefully crafted input file.

CVE-2014-9497

    Myautsai PAN discovered a flaw in the decoder initialization code of libmpg123. A specially crafted mp3 input file can be used to cause a buffer overflow, resulting in a denial of service.

CVE-2016-1000247

    Jerold Hoong discovered a flaw in the id3 tag processing code of libmpg123. A specially crafted mp3 input file could be used to cause a buffer over-read, resulting in a denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version 1.14.4-1+deb7u1.

We recommend that you upgrade your mpg123 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
Jonas Meurer
