On 12/16/2016 02:32 PM, Frank Cox wrote:
rpm -q --whatprovides /usr/lib64/libgme.so.0
game-music-emu-0.6.0-5.el7.x86_64
Like I said, I always reserve the right to be wrong. Debian has issued
an update with a list of CVE's that are so new that they're not on mitre
yet. Debian DSA-3735-1:
https://security-tracker.debian.org/tracker/DSA-3735-1
This will be an EPEL update and not a CentOS one, as CentOS from media
with no third-party repos does not have the affected library libgme.
But a heads-up nonetheless, and a really good read if you are into how
something like this (where this is Super NES audio chip (SPC700)
assembly code) can cause a modern Linux distribution to be compromised.
Silently, and in a drive-by-download fully automatic manner.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
