Fedora 32 : adplug / audacious-plugins / ocp (2021-24ef21134b)

High Nessus Plugin ID 144965


VPR Score: 5.9

Synopsis

The remote Fedora host is missing one or more security updates.

Description

AdPlug 2.3.3
============

- New RAD player replacing the old one

- Bug fixes: (huge thanks to Alexander Miller for these)

  - CVE-2019-14690 - buffer overflow in `.bmf`

  - CVE-2019-14691 - buffer overflow in `.dtm`

  - CVE-2019-14692 - buffer overflow in `.mkj`

  - CVE-2019-14732 - buffer overflow in `.a2m`

  - CVE-2019-14733 - buffer overflow in `.rad`

  - CVE-2019-14734 - buffer overflow in `.mtk`

  - CVE-2019-15151 - double free and OOB reads in `.u6m`

  - OOB reads in `.xad`

  - OOB reads in `.rix`

AdPlug 2.3.2
============

- Bug fixes:

  - FMOPL: Fix global variable pointer double-free (CVE-2018-17825)

  - HERAD: Fix compilation on GCC 4.2.1

  - ADL: Calling `rewind()` before `update()` causes access violation

  - Move OPL reset/init code to `rewind()` for some players

AdPlug 2.3.1
============

- Fixed unconditional inclusion of 'sys/io.h' on Linux

- Autotools improvement

- Non-recursive Automake, improved parallelizability

- Compatibility fixes for FreeBSD's pmake and OpenBSD's make

- Out-of-source building

AdPlug 2.3
==========

- Bug fixes:

  - CMF: Fix uninitialised variable use (thanks binarymaster)

  - CMF: Handle invalid offsets without crashing

  - ROL: Prevent access beyond end of vector

  - MSC: Fix use of uninitialised variable

  - HSC: Handle out of range patterns more gracefully

  - MID: Fix out of range array read

  - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz

  - RIX: Fix several replay bugs (thanks to Palxex)

  - RIX: Big-endian fix by Wei Mingzhi

  - XAD: Tempo fix

  - Various other out of bounds array fixes, timing fixes, etc.

- New formats:

  - BMF: Easy AdLib 1.0

  - CMF: SoundFX Macs Opera

  - GOT: God of Thunder

  - HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD)

  - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives

  - SOP: sopepos' Note Player

  - VGM: Video Game Music

- Allow compilation on platforms that don't support real OPL hardware access

- Add support for compiling on Appveyor and publishing a NuGet package

- Add Visual Studio 2015 projects

- Add support for Travis CI builds

- Add new CRC16 and CRC32 tests

- Addition of WoodyOPL from DOSBox SVN (thanks to NY00123)

- Addition of NukedOPL (thanks to loki666 and nukeykt)

- Move from SourceForge to GitHub

- DRO player refactored (thanks to Laurence Myers and William Yates)

- Add (mono) OPL3 support to the surround/harmonic-effect OPL

- Fix occasional random noise in right channel when using surround OPL and Satoh synth

- Add display for ROL comment and instrument names

- Improve support for different Westwood ADL format versions

- Improve CMF transpose support (per-channel now)

- Autotools build environment updated

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected adplug, audacious-plugins and/or ocp packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2021-24ef21134b

Plugin Details

Severity: High

ID: 144965

File Name: fedora_2021-24ef21134b.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2021/01/14

Updated: 2021/01/20

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:adplug, p-cpe:/a:fedoraproject:fedora:audacious-plugins, p-cpe:/a:fedoraproject:fedora:ocp, cpe:/o:fedoraproject:fedora:32

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2021/01/14

Vulnerability Publication Date: 2018/10/01

Reference Information

CVE: CVE-2018-17825, CVE-2019-14690, CVE-2019-14691, CVE-2019-14692, CVE-2019-14732, CVE-2019-14733, CVE-2019-14734, CVE-2019-15151