UbuntuUpdates.org

Package "mpg123"

Name: mpg123

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • MPEG layer 1/2/3 audio decoder (shared library)
  • MPEG layer 1/2/3 audio decoder (development files)
  • MPEG layer 1/2/3 audio decoder (libout123 shared library)

Latest version: 1.25.13-1ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main

Links



Other versions of "mpg123" in Focal

Repository Area Version
base universe 1.25.13-1
base main 1.25.13-1
security universe 1.25.13-1ubuntu0.2
updates main 1.25.13-1ubuntu0.2
updates universe 1.25.13-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.25.13-1ubuntu0.2 2024-11-27 16:06:52 UTC

  mpg123 (1.25.13-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for OOB write (LP: #2089680)
    - debian/patches/CVE-2024-10573-2.patch: safeguard against attempts to
      decode if decoder setup failed and user ignored the returned error
      code in src/libmpg123/format.c, src/libmpg123/frame.h,
      src/libmpg123/libmpg123.c, src/mpg123.c.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2024 10:23:12 -0500

Source diff to previous version
2089680 Insufficient fix for CVE-2024-10573
CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-loca

Version: 1.25.13-1ubuntu0.1 2024-11-06 19:07:01 UTC

  mpg123 (1.25.13-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: OOB write during PCM decoding
    - debian/patches/CVE-2024-10573.patch: don't prepare for actual frame
      data when there is none and separate header data into a struct,
      ensure late updating in frame in src/libmpg123/frame.c,
      src/libmpg123/frame.h, src/libmpg123/layer1.c,
      src/libmpg123/layer2.c, src/libmpg123/layer3.c,
      src/libmpg123/libmpg123.c, src/libmpg123/parse.c,
      src/libmpg123/getbits.h.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Mon, 04 Nov 2024 13:49:25 -0500

CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-loca



About   -   Send Feedback to @ubuntu_updates