[CentOS] libgme drive-by exploit.
Lamar Owen
lowen at pari.edu
Fri Dec 16 19:38:45 UTC 2016
On 12/16/2016 02:32 PM, Frank Cox wrote:
> rpm -q --whatprovides /usr/lib64/libgme.so.0
> game-music-emu-0.6.0-5.el7.x86_64
>
Like I said, I always reserve the right to be wrong. Debian has issued
an update with a list of CVE's that are so new that they're not on mitre
yet. Debian DSA-3735-1:
https://security-tracker.debian.org/tracker/DSA-3735-1
This will be an EPEL update and not a CentOS one, as CentOS from media
with no third-party repos does not have the affected library libgme.
But a heads-up nonetheless, and a really good read if you are into how
something like this (where this is Super NES audio chip (SPC700)
assembly code) can cause a modern Linux distribution to be compromised.
Silently, and in a drive-by-download fully automatic manner.
More information about the CentOS
mailing list