[ALAS2-2018-981] Amazon Linux 2 2017.12 - ALAS2-2018-981: critical priority package update for libvorbis
Severity
Critical
Affected Packages
4
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2018-5146:
An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code.
1557221:
CVE-2018-5146 Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08)
| Package | Affected Version |
|---|---|
 pkg:rpm/amazonlinux/libvorbis?arch=x86_64&distro=amazonlinux-2
|
< 1.3.3-8.amzn2.0.1 |
|
pkg:rpm/amazonlinux/libvorbis-devel?arch=x86_64&distro=amazonlinux-2
|
< 1.3.3-8.amzn2.0.1 |
|
pkg:rpm/amazonlinux/libvorbis-devel-docs?arch=noarch&distro=amazonlinux-2
|
< 1.3.3-8.amzn2.0.1 |
|
pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=x86_64&distro=amazonlinux-2
|
< 1.3.3-8.amzn2.0.1 |
- ID
- ALAS2-2018-981
- Severity
- critical
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2018-981.html
- Published
-
2018-03-22T22:02:00
(6 years ago) - Modified
-
2018-03-26T22:10:00
(6 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2018-981
-
ALPINE:CVE-2018-5146
-
ASA-201803-12
-
ASA-201803-13
-
ASA-201803-21
-
ASA-201803-22
-
DSA-4140-1
-
DSA-4143-1
-
DSA-4155-1
-
ELSA-2018-0549
-
ELSA-2018-0647
-
ELSA-2018-0648
-
ELSA-2018-0649
-
ELSA-2018-1058
-
FEDORA-2018-061bafe369
-
FEDORA-2018-3de9cb411f
-
FEDORA-2018-def329f680
-
FEDORA-2018-f26d891469
-
FEDORA-2019-2e385f97e2
-
FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1
-
GLSA-201811-13
-
MFSA-2018-08
-
MFSA-2018-09
-
openSUSE-SU-2018:0818-1
-
openSUSE-SU-2018:0819-1
-
RHSA-2018:0549
-
RHSA-2018:0647
-
RHSA-2018:0648
-
RHSA-2018:0649
-
RHSA-2018:1058
-
SSA:2018-076-01
-
SUSE-SU-2018:0783-1
-
SUSE-SU-2018:0784-1
-
SUSE-SU-2018:0850-1
-
SUSE-SU-2018:0907-1
-
USN-3545-1
-
USN-3599-1
-
USN-3604-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2018-5146 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/libvorbis?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
libvorbis
|
< 1.3.3-8.amzn2.0.1 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/libvorbis-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
libvorbis-devel
|
< 1.3.3-8.amzn2.0.1 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/libvorbis-devel-docs?arch=noarch&distro=amazonlinux-2 | amazonlinux |
libvorbis-devel-docs
|
< 1.3.3-8.amzn2.0.1 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
libvorbis-debuginfo
|
< 1.3.3-8.amzn2.0.1 | amazonlinux-2 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |