Security update for libvorbis

SUSE Security Update: Security update for libvorbis
Announcement ID: SUSE-SU-2018:1885-1
Rating: moderate
References: #1091070
Affected Products:
  • SUSE Linux Enterprise Module for Basesystem 15

  • An update that fixes one vulnerability is now available.


    This update for libvorbis fixes the following issues:

    The following security issue was fixed:

    - Fixed the validation of channels in mapping0_forward(), which
    previously allowed remote attackers to cause a denial of service via
    specially crafted files (CVE-2018-10392, bsc#1091070)

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1282=1

    Package List:

    • SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      • libvorbis-debugsource-1.3.6-4.3.1
      • libvorbis-devel-1.3.6-4.3.1
      • libvorbis0-1.3.6-4.3.1
      • libvorbis0-debuginfo-1.3.6-4.3.1
      • libvorbisenc2-1.3.6-4.3.1
      • libvorbisenc2-debuginfo-1.3.6-4.3.1
      • libvorbisfile3-1.3.6-4.3.1
      • libvorbisfile3-debuginfo-1.3.6-4.3.1