[ALAS-2012-47] Amazon Linux - ALAS-2012-47: important priority package update for libvorbis
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2012-0444:
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/libvorbis?arch=x86_64&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
pkg:rpm/amazonlinux/libvorbis?arch=i686&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
pkg:rpm/amazonlinux/libvorbis-devel?arch=x86_64&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
pkg:rpm/amazonlinux/libvorbis-devel?arch=i686&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
pkg:rpm/amazonlinux/libvorbis-devel-docs?arch=noarch&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=x86_64&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=i686&distro=amazonlinux-1 | < 1.2.3-4.6.amzn1 |
- ID: ALAS-2012-47
- Severity: important
- URL: https://alas.aws.amazon.com/ALAS-2012-47.html
- Published: 2012-03-04T16:07:00
- Modified: 2014-09-14T15:22:00
- Rights: Amazon Linux Security Team

Other Advisories:
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2012-0444 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444 |
redhat | RHSA-2012:0136 | | https://rhn.redhat.com/errata/RHSA-2012:0136.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/libvorbis?arch=x86_64&distro=amazonlinux-1 | amazonlinux | libvorbis | < 1.2.3-4.6.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/libvorbis?arch=i686&distro=amazonlinux-1 | amazonlinux | libvorbis | < 1.2.3-4.6.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/libvorbis-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | libvorbis-devel | < 1.2.3-4.6.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/libvorbis-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | libvorbis-devel | < 1.2.3-4.6.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/libvorbis-devel-docs?arch=noarch&distro=amazonlinux-1 | amazonlinux | libvorbis-devel-docs | < 1.2.3-4.6.amzn1 | amazonlinux-1 | noarch | |
Affected | pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | libvorbis-debuginfo | < 1.2.3-4.6.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | libvorbis-debuginfo | < 1.2.3-4.6.amzn1 | amazonlinux-1 | i686 | |