UbuntuUpdates.org

Package "mpg123"

Name: mpg123

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • MPEG layer 1/2/3 audio decoder (shared library)
  • MPEG layer 1/2/3 audio decoder (development files)
  • MPEG layer 1/2/3 audio decoder (libout123 shared library)

Latest version: 1.25.13-1ubuntu0.1
Release: focal (20.04)
Level: updates
Repository: main

Links



Other versions of "mpg123" in Focal

Repository Area Version
base universe 1.25.13-1
base main 1.25.13-1
security universe 1.25.13-1ubuntu0.1
updates universe 1.25.13-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.25.13-1ubuntu0.1 2024-11-05 17:07:02 UTC

  mpg123 (1.25.13-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: OOB write during PCM decoding
    - debian/patches/CVE-2024-10573.patch: don't prepare for actual frame
      data when there is none and separate header data into a struct,
      ensure late updating in frame in src/libmpg123/frame.c,
      src/libmpg123/frame.h, src/libmpg123/layer1.c,
      src/libmpg123/layer2.c, src/libmpg123/layer3.c,
      src/libmpg123/libmpg123.c, src/libmpg123/parse.c,
      src/libmpg123/getbits.h.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Mon, 04 Nov 2024 13:49:25 -0500

CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-loca



About   -   Send Feedback to @ubuntu_updates