You are here
Home > Preporuke > Ranjivost programskog paketa vorbis-tools

Ranjivost programskog paketa vorbis-tools

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2015-09-16 18:49:29.742453

Name : vorbis-tools
Product : Fedora 22
Version : 1.4.0
Release : 20.fc22
Summary : The Vorbis General Audio Compression Codec tools
Description :
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free,
general-purpose compressed audio format for audio and music at fixed
and variable bitrates from 16 to 128 kbps/channel.

The vorbis package contains an encoder, a decoder, a playback tool, and a
comment editor.

Update Information:

– oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)

[ 1 ] Bug #1258424 – vorbis-tools: Bufer overflow in aiff_open function
[ 2 ] Bug #1258443 – CVE-2015-6749 vorbis-tools: invalid AIFF file causes alloca() buffer overflow

This update can be installed with the “yum” update program. Use
su -c ‘yum update vorbis-tools’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2015-09-0013-ADV
ID izvornikaFEDORA-2015-14663
More in Preporuke
Sigurnosni nedostaci Cisco TelePresence Server softvera

Otkriven je sigurnosni nedostatak u radu softvera Cisco TelePresence Server. Otkriveni nedostatak je posljedica preljeva spremnika i potencijalnim napadačima omogućuje...