UbuntuUpdates.org

Package "mpg123"

Name: mpg123

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • MPEG layer 1/2/3 audio decoder (shared library)
  • MPEG layer 1/2/3 audio decoder (development files)
  • MPEG layer 1/2/3 audio decoder (libout123 shared library)
  • MPEG layer 1/2/3 audio decoder (libsyn123 shared library)

Latest version: 1.29.3-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: main

Links



Other versions of "mpg123" in Jammy

Repository Area Version
base main 1.29.3-1build1
base universe 1.29.3-1build1
security universe 1.29.3-1ubuntu0.1
updates main 1.29.3-1ubuntu0.1
updates universe 1.29.3-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.29.3-1ubuntu0.1 2024-11-05 15:07:01 UTC

  mpg123 (1.29.3-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: OOB write during PCM decoding
    - debian/patches/CVE-2024-10573.patch: don't prepare for actual frame
      data when there is none and separate header data into a struct,
      ensure late updating in frame in src/libmpg123/frame.c,
      src/libmpg123/frame.h, src/libmpg123/layer1.c,
      src/libmpg123/layer2.c, src/libmpg123/layer3.c,
      src/libmpg123/libmpg123.c, src/libmpg123/parse.c.
    - CVE-2024-10573

 -- Marc Deslauriers <email address hidden> Mon, 04 Nov 2024 13:27:24 -0500

CVE-2024-10573 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-loca



About   -   Send Feedback to @ubuntu_updates