[ALAS2-2018-981] Amazon Linux 2 2017.12 - ALAS2-2018-981: critical priority package update for libvorbis
Severity
Critical
Affected Packages
4
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2018-5146:
An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code.
1557221:
CVE-2018-5146 Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08)
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/libvorbis?arch=x86_64&distro=amazonlinux-2 | < 1.3.3-8.amzn2.0.1 |
pkg:rpm/amazonlinux/libvorbis-devel?arch=x86_64&distro=amazonlinux-2 | < 1.3.3-8.amzn2.0.1 |
pkg:rpm/amazonlinux/libvorbis-devel-docs?arch=noarch&distro=amazonlinux-2 | < 1.3.3-8.amzn2.0.1 |
pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=x86_64&distro=amazonlinux-2 | < 1.3.3-8.amzn2.0.1 |
- ID
- ALAS2-2018-981
- Severity
- critical
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2018-981.html
- Published
-
2018-03-22T22:02:00
(6 years ago) - Modified
-
2018-03-26T22:10:00
(6 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2018-981
- ALPINE:CVE-2018-5146
- ASA-201803-12
- ASA-201803-13
- ASA-201803-21
- ASA-201803-22
- DSA-4140-1
- DSA-4143-1
- DSA-4155-1
- ELSA-2018-0549
- ELSA-2018-0647
- ELSA-2018-0648
- ELSA-2018-0649
- ELSA-2018-1058
- FEDORA-2018-061bafe369
- FEDORA-2018-3de9cb411f
- FEDORA-2018-def329f680
- FEDORA-2018-f26d891469
- FEDORA-2019-2e385f97e2
- FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1
- GLSA-201811-13
- MFSA-2018-08
- MFSA-2018-09
- openSUSE-SU-2018:0818-1
- openSUSE-SU-2018:0819-1
- RHSA-2018:0549
- RHSA-2018:0647
- RHSA-2018:0648
- RHSA-2018:0649
- RHSA-2018:1058
- SSA:2018-076-01
- SUSE-SU-2018:0783-1
- SUSE-SU-2018:0784-1
- SUSE-SU-2018:0850-1
- SUSE-SU-2018:0907-1
- USN-3545-1
- USN-3599-1
- USN-3604-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2018-5146 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/libvorbis?arch=x86_64&distro=amazonlinux-2 | amazonlinux | libvorbis | < 1.3.3-8.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/libvorbis-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | libvorbis-devel | < 1.3.3-8.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/libvorbis-devel-docs?arch=noarch&distro=amazonlinux-2 | amazonlinux | libvorbis-devel-docs | < 1.3.3-8.amzn2.0.1 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/libvorbis-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | libvorbis-debuginfo | < 1.3.3-8.amzn2.0.1 | amazonlinux-2 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |