CVE-2017-0381: An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of…

CVE-2017-0381 [HIGH] CVE-2017-0381: macOS High Sierra 10.13 Apple Security Update: About the security content of macOS High Sierra 10.13 Product: macOS High Sierra Version: 10.13 CVE: CVE-2017-0381 Component: CoreAudio Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.

CVE-2017-0381 [HIGH] CVE-2017-0381: tvOS 11 Apple Security Update: About the security content of tvOS 11 Product: tvOS Version: 11 CVE: CVE-2017-0381 Component: CoreAudio Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.

CVE-2017-0381 [HIGH] CVE-2017-0381: watchOS 4 Apple Security Update: About the security content of watchOS 4 Product: watchOS 4 CVE: CVE-2017-0381 Component: CoreAudio Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.

CVE-2017-0381 [HIGH] CVE-2017-0381: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-0381 Component: CoreAudio Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.

CVE-2017-0381 [HIGH] opus: Memory corruption during media file and data processing opus: Memory corruption during media file and data processing An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. Package: firefox (Red Hat Enterprise Linux 5) - Will not fix Package: thunderbird (Red Hat Enterprise Linux 5) - Will not fix Package: firefox (Red Hat Enterprise Linux 6) - Will not fix Package: thunderbird (Red Hat Enterprise Linux 6) - Will not fix Package: firefox (Red Hat Enterprise Linux 7) - Will not fix Package: opus (Red Hat Enterprise Linux 7) -

CVE-2017-0381 [HIGH] CVE-2017-0381: Android Security Bulletin 2017-01-01 CVE: CVE-2017-0381 Severity: MEDIUM Affected AOSP versions: 5 Android Security Bulletin 2017-01-01 CVE: CVE-2017-0381 Severity: MEDIUM Affected AOSP versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 References: A-31607432

CVE-2017-0381 [HIGH] CVE-2017-0381: opus - An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in M... An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. Scope: local bookworm: resolved (fixed in 1.2~alpha2-1) bullseye: resolved (fixed in 1.2~alpha2-1) forky: resolved (fixed in 1.2~alpha2-1) sid: resolved (fixed in 1.2~alpha2-1) trixie: resolved (fixed in 1.2~alpha2-1)

CVE-2017-0381 [HIGH] CWE-190 GHSA-28h8-v6gp-mwgv: An information disclosure vulnerability in silk/NLSF_stabilize An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.

CVE-2017-0381 [HIGH] CVE-2017-0381: An information disclosure vulnerability in silk/NLSF_stabilize An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.

CVE-2017-0381 [HIGH] CVE-2017-0381 opus: Memory corruption during media file and data processing CVE-2017-0381 opus: Memory corruption during media file and data processing A integer overflow vulnerability in silk/NLSF_stabilize.c in libopus could enable an attacker using a specially crafted file to cause an application using libopus to crash during media file and data processing under specific conditions. Upstream patch: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 References: https://git.xiph.org/?p=opus.git;a=commit;h=70a3d641b https://source.android.com/security/bulletin/2017-01-01.html Discussion: Created opus tracking bugs for this issue: Affects: fedora-all [bug 1413605] Affects: epel-all [bug 1413606]

CVE-2017-0381 [HIGH] CVE-2017-0381 opus: Memory corruption during media file and data processing [fedora-all] CVE-2017-0381 opus: Memory corruption during media file and data processing [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported v

CVE-2017-0381 [HIGH] CVE-2017-0381 opus: Memory corruption during media file and data processing [epel-all] CVE-2017-0381 opus: Memory corruption during media file and data processing [epel-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supporte