lame-3.100-3.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10907-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z lame-3.100-3.7 on GA media These are all security issues fixed in the lame-3.100-3.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10907 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-9410/ SUSE CVE CVE-2017-9410 page https://www.suse.com/security/cve/CVE-2017-9411/ SUSE CVE CVE-2017-9411 page https://www.suse.com/security/cve/CVE-2017-9412/ SUSE CVE CVE-2017-9412 page openSUSE Tumbleweed lame-3.100-3.7 lame-doc-3.100-3.7 lame-mp3rtp-3.100-3.7 libmp3lame-devel-3.100-3.7 libmp3lame0-3.100-3.7 libmp3lame0-32bit-3.100-3.7 lame-3.100-3.7 as a component of openSUSE Tumbleweed lame-doc-3.100-3.7 as a component of openSUSE Tumbleweed lame-mp3rtp-3.100-3.7 as a component of openSUSE Tumbleweed libmp3lame-devel-3.100-3.7 as a component of openSUSE Tumbleweed libmp3lame0-3.100-3.7 as a component of openSUSE Tumbleweed libmp3lame0-32bit-3.100-3.7 as a component of openSUSE Tumbleweed ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9101. Reason: This candidate is a duplicate of CVE-2015-9101. Notes: All CVE users should reference CVE-2015-9101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2017-9410 openSUSE Tumbleweed:lame-3.100-3.7 openSUSE Tumbleweed:lame-doc-3.100-3.7 openSUSE Tumbleweed:lame-mp3rtp-3.100-3.7 openSUSE Tumbleweed:libmp3lame-devel-3.100-3.7 openSUSE Tumbleweed:libmp3lame0-3.100-3.7 openSUSE Tumbleweed:libmp3lame0-32bit-3.100-3.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9410.html CVE-2017-9410 https://bugzilla.suse.com/1061970 SUSE Bug 1061970 https://bugzilla.suse.com/1082333 SUSE Bug 1082333 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9100. Reason: This candidate is a duplicate of CVE-2015-9100. Notes: All CVE users should reference CVE-2015-9100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2017-9411 openSUSE Tumbleweed:lame-3.100-3.7 openSUSE Tumbleweed:lame-doc-3.100-3.7 openSUSE Tumbleweed:lame-mp3rtp-3.100-3.7 openSUSE Tumbleweed:libmp3lame-devel-3.100-3.7 openSUSE Tumbleweed:libmp3lame0-3.100-3.7 openSUSE Tumbleweed:libmp3lame0-32bit-3.100-3.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9411.html CVE-2017-9411 https://bugzilla.suse.com/1082397 SUSE Bug 1082397 The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. CVE-2017-9412 openSUSE Tumbleweed:lame-3.100-3.7 openSUSE Tumbleweed:lame-doc-3.100-3.7 openSUSE Tumbleweed:lame-mp3rtp-3.100-3.7 openSUSE Tumbleweed:libmp3lame-devel-3.100-3.7 openSUSE Tumbleweed:libmp3lame0-3.100-3.7 openSUSE Tumbleweed:libmp3lame0-32bit-3.100-3.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9412.html CVE-2017-9412 https://bugzilla.suse.com/1061973 SUSE Bug 1061973 https://bugzilla.suse.com/1082340 SUSE Bug 1082340