This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for mpg123 fixes the following issues :
- Update to version 1.25.6
- Hotfix for bug 255: Overflow reading frame data bits in
layer II decoding. Now, all-zero data is returned if the
frame data is exhausted. This might have a slight impact
on performance, but not easily measurable so far.
- Update to version 1.25.5
- Avoid another buffer read overflow in the ID3 parser on
32 bit platforms (bug 254). (CVE-2017-12797/boo#1056999)
- Update to version 1.25.4 libmpg123 :
- Prevent harmless call to memcpy(NULL, NULL, 0).
- More early checking of ID3v2 encoding values to avoid
bogus text being stored.
See also :
Update the affected mpg123 packages.
Risk factor :
Medium / CVSS Base Score : 4.3