openSUSE Security Update : mpg123 (openSUSE-2017-1035)
Medium Nessus Plugin ID 103203
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for mpg123 fixes the following issues :
- Update to version 1.25.6
- Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far.
- Update to version 1.25.5
- Avoid another buffer read overflow in the ID3 parser on 32 bit platforms (bug 254). (CVE-2017-12797/boo#1056999)
- Update to version 1.25.4 libmpg123 :
- Prevent harmless call to memcpy(NULL, NULL, 0).
- More early checking of ID3v2 encoding values to avoid bogus text being stored.
SolutionUpdate the affected mpg123 packages.