ALT-BU-2016-2968-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8789
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document.
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- openSUSE-SU-2016:0125
- openSUSE-SU-2016:0125
- DSA-3538
- DSA-3538
- 94924
- 94924
- http://www.talosintelligence.com/reports/TALOS-2016-0037/
- http://www.talosintelligence.com/reports/TALOS-2016-0037/
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
- https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
Modified: 2024-11-21
CVE-2015-8790
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- openSUSE-SU-2016:0125
- openSUSE-SU-2016:0125
- DSA-3538
- DSA-3538
- 85307
- 85307
- 95124
- 95124
- http://www.talosintelligence.com/reports/TALOS-2016-0036/
- http://www.talosintelligence.com/reports/TALOS-2016-0036/
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
- https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
Modified: 2024-11-21
CVE-2015-8791
The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access.
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- openSUSE-SU-2016:0125
- openSUSE-SU-2016:0125
- DSA-3538
- DSA-3538
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog
- https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
- https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
Package libmatroska updated to version 1.4.5-alt1 for branch sisyphus in task 169101.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8792
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- [matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes
- openSUSE-SU-2016:0125
- openSUSE-SU-2016:0125
- DSA-3526
- DSA-3526
- https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog
- https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog
- https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
- https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f