openSUSE Security Update : mpg123 (openSUSE-2017-1035)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for mpg123 fixes the following issues :

- Update to version 1.25.6

  - Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far.

- Update to version 1.25.5

  - Avoid another buffer read overflow in the ID3 parser on 32 bit platforms (bug 254). (CVE-2017-12797/boo#1056999)

- Update to version 1.25.4 libmpg123 :

  - Prevent harmless call to memcpy(NULL, NULL, 0).

  - More early checking of ID3v2 encoding values to avoid bogus text being stored.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1056999

Solution :

Update the affected mpg123 packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 103203

Bugtraq ID:

CVE ID: CVE-2017-12797
