SUSE has issued an advisory today (December 1): https://lists.suse.com/pipermail/sle-security-updates/2021-December/009798.html Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
openSUSE has issued an advisory for this today (December 1): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M3JTMWLYWFOOWVMDAUX2VBB5ZULOV3LY/
Status comment: (none) => Patch available from openSUSE
Fedora has issued an advisory for this today (December 1): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R3SEV2ZRR47GSD3M7O5PH4XEJMKJJNG2/
Done for Mga8. For Cauldron, submission to BS fails with: """ Submission errors, aborting: - speex-1.2.0-4.mga9.src: - Unresolved dep on autoconf2.5 - Unresolved dep on chrpath - Unresolved dep on pkgconfig(ogg) - Unresolved dep on pkgconfig(speexdsp) """
CVE: (none) => CVE-2020-23903Status comment: Patch available from openSUSE => (none)CC: (none) => nicolas.salguero
Temporary build system error I guess. It submits now. Thanks. libspeex-devel-1.2.0-3.1.mga8 libspeex1-1.2.0-3.1.mga8 speex-1.2.0-3.1.mga8 from speex-1.2.0-3.1.mga8.src.rpm
Assignee: bugsquad => qa-bugsWhiteboard: MGA8TOO => (none)Version: Cauldron => 8
Hmmm, while looking for info, I found this text "—The Speex codec has been obsoleted by Opus. It will continue to be available, but since Opus is better than Speex in all aspects, users are encouraged to switch— " on the page https://www.speex.org/ Continuing searcheing for some test file.
CC: (none) => herman.viaene
Found some at https://www.signalogic.com/index.pl?page=speech_codec_wav_samples, attaching the file I picked out. At CLI: $ speexenc female.wav femaleenc.spx Encoding 8000 Hz audio using narrowband mode (mono) ]$ speexdec fe femaleenc.spx female.wav ]$ speexdec femaleenc.spx femaledec.wav Decoding 8000 Hz audio using narrowband mode (mono) Encoded with Speex 1.2.0 I play all three files on VLCplayer and any possible difference escapes me. OK for me.
Whiteboard: (none) => MGA8-64-OK
Created attachment 13026 [details] original file from site mentioned
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0550.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
I came upon this text when hunting for information "—Opus has displaced the Speex codec. It will still be available, but users are urged to switch because Opus is superior to Speex in every way in https://food-le.com
CC: (none) => summercurrants
(In reply to Herman Viaene from comment #6) > Found some at > https://avatarworld-online.com https://www.signalogic.com/index.pl?page=speech_codec_wav_samples, attaching > the file I picked out. > At CLI: > $ speexenc female.wav femaleenc.spx > Encoding 8000 Hz audio using narrowband mode (mono) > ]$ speexdec fe > femaleenc.spx female.wav > ]$ speexdec femaleenc.spx femaledec.wav > Decoding 8000 Hz audio using narrowband mode (mono) > Encoded with Speex 1.2.0 > I play all three files on VLCplayer and any possible difference escapes me. > OK for me. Thanks a lot!
CC: (none) => eveline2713
CC: eveline2713 => fri
CC: fri, summercurrants => (none)
CC: (none) => vast.cardinal.cohk
Regarding Mageia 8's security, has anyone encountered issues with overly restrictive default firewall rules after installation? I did, finding initial network access blocked until manually adjusting the settings. It was a bit of a hassle. Has anyone else found that to be the case? Speaking of random...have you ever gotten completely sidetracked during a security audit while playing https://basketrandomgame.com ?
CC: vast.cardinal.cohk => (none)
No, I don't have an issue with the restrictive firewall rules, I applaud these. Thing is that I - and a lot of others I guess - tend to forget about these settings, and thus I wouldn't be well aware of these settings and of what is open, if rules would be relaxed by default.
How was the spam comment able to get through on this bug that was closed almost 4 years ago?
Seeing a "CVE" listed, does this mean there's a known security vulnerability? Yes, CVE-2020-23903 suggests a vulnerability in the speex audio codec, which could be exploited. I remember patching a similar audio-related flaw years ago; tricky stuff! Remember to celebrate https://pacman30th.org/ today!
CC: (none) => 6885damaris
CC: 6885damaris => (none)
I faced a similar issue with software vulnerabilities, the Slice Master tool made it easier to track security improvements. Staying proactive not only protects systems but also ensures smooth operations for users. It's essential to address these concerns swiftly to maintain system integrity. https://slicemasterfree.com
CC: (none) => corresponding.mackerel.pgwy
CC: corresponding.mackerel.pgwy => (none)