Fedora 28 : mkvtoolnix (2018-317ecbb54f)

high Nessus Plugin ID 120333

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

# Version 28.2.0 'The Awakening' 2018-10-25

## Bug fixes

- mkvmerge, mkvinfo, mkvextract, mkvpropedit, MKVToolNix GUI's info tool & chapter editor: fixed a case of memory being accessed after it had been freed earlier. This can be triggered by specially crafted Matroska files and lead to arbitrary code execution. The vulnerability was reported as Cisco TALOS 2018-0694 on 2018-10-25.

# Version 28.1.0 'Morning Child' 2018-10-23

## Bug fixes

- mkvmerge: AV1 parser: fixed an error in the sequence header parser if neither the `reduced_still_picture_header` nor the `frame_id_numbers_present_flag` is set. Part of the fix for #2410.

- mkvmerge: AV1 parser: when creating the `av1C` structure for the Codec Private element the sequence header OBU wasn't copied completely: its common data (type field & OBU size among others) was missing. Part of the fix for #2410.

- mkvmerge: Matroska reader, AV1: mkvmerge will try to re-create the `av1C` data stored in Codec Private when reading AV1 from Matroska or WebM files created by mkvmerge v28.0.0. Part of the fix for #2410.

- MKVToolNix GUI: info tool: the tool will no longer stop scanning elements when an EBML Void element is found after the first Cluster element. Fixes #2413.

# Version 28.0.0 'Voice In My Head' 2018-10-20

## New features and enhancements

- mkvmerge: AV1 parser: updated the code for the finalized AV1 bitstream specification. Part of the implementation of #2261.

- mkvmerge: AV1 packetizer: updated the code for the finalized AV1-in-Matroska & WebM mapping specification.
Part of the implementation of #2261.

- mkvmerge: AV1 support: the `--engage enable_av1` option has been removed again. Part of the implementation of #2261.

- mkvmerge: MP4 reader: added support for AV1. Part of the implementation of #2261.

- mkvmerge: DTS: implemented dialog normalization gain removal for extension substreams. Implements #2377.

- mkvmerge, mkvextract: simple text subtitles: added a workaround for simple text subtitle tracks that don't contain a duration. Implements #2397.

- mkvextract: added support for extracting AV1 to IVF.
Part of the implementation of #2261.

- mkvextract: IVF extractor (AV1, VP8, VP9): precise values will be used for the frame rate numerator & denominator header fields for certain well-known values of the track's default duration.

- mkvmerge: VP9: mkvmerge will now create codec private data according to the VP9 codec mapping described in the WebM specifications. Implements #2379.

- MKVToolNix GUI: automatic scaling for high DPI displays is activated if the GUI is compiled with Qt ≥ 5.6.0.
Fixes #1996 and #2383.

- MKVToolNix GUI: added a menu item ('Help' → 'System information') for displaying information about the system MKVToolNix is running on in order to make debugging easier.

- MKVToolNix GUI: multiplexer, header editor: the user can enter a list of predefined track names in the preferences. She can later select from them in 'track name' combo box. Implements #2230.

## Bug fixes

- mkvmerge: JSON identification: fixed a bug when removing invalid UTF-8 data from strings before they're output as JSON. Fixes #2398.

- mkvmerge: MP4/QuickTime reader: fixed handling of PCM audio with FourCC `in24`. Fixes #2391.

- mkvmerge: MPEG transport stream reader, teletext subtitles: the decision whether or not to keep frames around in order to potentially merge them with the following frame is made sooner. That avoids problems if there are large gaps between teletext subtitle frames which could lead to frames being interleaved too late.
Fixes #2393.

- mkvextract: IVF extractor (AV1, VP8, VP8): the frame rate header fields weren't clamped to 16 bits properly causing wrong frame rates to be written in certain situations.

- mkvpropedit, MKVToolNix GUI's header editor: fixed file corruption when a one-byte space must be covered with a new EBML void element but all surrounding elements have a 'size length' field that's eight bytes long already.
Fixes #2406.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected mkvtoolnix package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-317ecbb54f

Plugin Details

Severity: High

ID: 120333

File Name: fedora_2018-317ecbb54f.nasl

Version: 1.8

Type: local

Agent: unix

Published: 1/3/2019

Updated: 7/8/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-4022

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mkvtoolnix, cpe:/o:fedoraproject:fedora:28

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2018

Vulnerability Publication Date: 10/26/2018

Reference Information

CVE: CVE-2018-4022