[ALSA-2019:3703] Low: libvorbis security update
Type:
security
Severity:
low
Release date:
2019-11-05
Description:
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix(es): * libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392) * libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages:
  • libvorbis-1.3.6-2.el8.i686.rpm
  • libvorbis-1.3.6-2.el8.x86_64.rpm
  • libvorbis-devel-1.3.6-2.el8.i686.rpm
  • libvorbis-devel-1.3.6-2.el8.x86_64.rpm
  • libvorbis-devel-docs-1.3.6-2.el8.noarch.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.