FEDORA-2017-d43d46f1ca — security update for ming

stable

ming-0.4.8-1.fc25

FEDORA-2017-d43d46f1ca created by rathann 7 years ago for Fedora 25

Release 0.4.8 (no ABI or API changes)

Add PHP7 compatibility
Fix C++ output of disassembler
Fix heap overflows in parser.c (CVE-2017-7578)
Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265)
Don't try printing unknown block (CVE-2016-9828)
Parse Protect tag's Password as string (CVE-2016-9827)
Check values before deriving malloc parameters from them in parser.c (CVE-2016-9829)
Make readString() stop reading string past buffer's end
Return EOF when reading unsigned values hits end of memory backed buffer
Exit immediately when unexpected EOF is by fgetc() in utility programs (CVE-2016-9831)
Fix using EOF marker -1 value as a valid flag byte (CVE-2016-9266)
Fix division by zero sample rate due to global buffer overflow (CVE-2016-9264, CVE-2016-9265)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-d43d46f1ca

This update has been submitted for testing by rathann.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for stable by rathann.

7 years ago

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

7 years ago

in testing

7 years ago

in stable

7 years ago

Builds

ming-0.4.8-1.fc25

BZ#1438687 CVE-2016-9264 CVE-2016-9265 CVE-2016-9266 CVE-2016-9827 CVE-2016-9828 CVE-2016-9829 CVE-2016-9831 ming: Multiple security vulnerabilities [fedora-all]

ming-0.4.8-1.fc25

Automated Test Results

None