Moderate: vorbis-tools security update

2024-05-2200:00:00

errata.almalinux.org

vorbis-tools

security update

buffer overflow

ogg vorbis

cve-2023-43361

audio format

royalty-free

compressed audio

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

30.8%

JSON

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format.

Security Fix(es):

vorbis-tools: Buffer Overflow vulnerability (CVE-2023-43361)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8aarch64vorbis-tools< 1.4.0-29.el8vorbis-tools-1.4.0-29.el8.aarch64.rpm
almalinux8x86_64vorbis-tools< 1.4.0-29.el8vorbis-tools-1.4.0-29.el8.x86_64.rpm
almalinux8ppc64levorbis-tools< 1.4.0-29.el8vorbis-tools-1.4.0-29.el8.ppc64le.rpm
almalinux8s390xvorbis-tools< 1.4.0-29.el8vorbis-tools-1.4.0-29.el8.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	aarch64	vorbis-tools	< 1.4.0-29.el8	vorbis-tools-1.4.0-29.el8.aarch64.rpm
almalinux	8	x86_64	vorbis-tools	< 1.4.0-29.el8	vorbis-tools-1.4.0-29.el8.x86_64.rpm
almalinux	8	ppc64le	vorbis-tools	< 1.4.0-29.el8	vorbis-tools-1.4.0-29.el8.ppc64le.rpm
almalinux	8	s390x	vorbis-tools	< 1.4.0-29.el8	vorbis-tools-1.4.0-29.el8.s390x.rpm