Slash Boxes

SoylentNews is people

posted by martyb on Tuesday May 09 2017, @03:30AM   Printer-friendly
from the sounds-rather-LAME-to-me dept.

Fedora Magazine reports:

[...] a few days ago Red Hat Legal provided the permission to ship MP3 encoding in Fedora. [...] it will soon be possible to convert physical media or other formats to MP3 in Fedora without 3rd party repositories.

Previous stories:
The MP3 Format is now Patent Free
0-Days Hitting Fedora and Ubuntu Open Desktops to a World of Hurt

Original Submission

Related Stories

0-Days Hitting Fedora and Ubuntu Open Desktops to a World of Hurt 7 comments

Submitted via IRC for Bytram

If your desktop runs a mainstream release of Linux, chances are you're vulnerable.

[...] While Evans' attacks won't work on most Linux servers, they will reliably compromise most desktop versions of Linux, which employees at Google, Facebook, and other security conscious companies often use in an attempt to avoid the pitfalls of Windows and Mac OS X. Three weeks ago, Evans released a separate Linux zero-day that had similarly dire consequences.

"I like to prove that vulnerabilities are not just theoretical—that they are actually exploitable to cause real problems," Evans told Ars when explaining why he developed—and released—an exploit for fully patched systems. "Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out."

Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GSteamer and Game Music Emu automatically open them.

The exploit ending in .flac works as a drive-by attack when a Fedora 25 user visits a booby-trapped webpage. With nothing more than a click required, the file will open the desktop calculator. With modification, it could load any code an attacker chooses and execute it with the same system privileges afforded to the user. While users typically don't have the same unfettered system privileges granted to root, the ones they do have are plenty powerful. Such an exploit can, for instance, read and steal all the user's most personal data, including documents, pictures, e-mail, and chat transcripts. It could also steal the user's browser cookies and sessions for Gmail, Facebook, Twitter, and other sites. It could additionally persist across reboots, although not as stealthily as a root exploit. And as is growing increasingly common, it could be combined with a local root privilege exploit to gain full system rights.


Original Submission

The MP3 Format is now Patent Free 85 comments

MP3 decoding was already free and got recently included in Fedora. But now, encoding is also free according to Fraunhofer Institute for Integrated Circuits IIS: "On April 23, 2017, Technicolor's mp3 licensing program for certain mp3 related patents and software of Technicolor and Fraunhofer IIS has been terminated." The Wikipedia MP3 article confirms that.

So, do you still use an MP3 library or have you switched to another format or means of listening to music such as (spying built-in) streaming services?

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday May 09 2017, @03:39AM

    by Anonymous Coward on Tuesday May 09 2017, @03:39AM (#506729)

    Tom's Diner the song is 30 years old.

    Tom's Diner the restaurant is 70 years old.

  • (Score: 2) by jmorris on Tuesday May 09 2017, @04:21AM (2 children)

    by jmorris (4844) on Tuesday May 09 2017, @04:21AM (#506739)

    And it looks like next year we get MPEG2 video, and that pretty much means DVD video and HD-TV go open, although I haven't poked around the audio codecs, those might be another year or so. But the first DVD players were on the shelves in the late 1990s so they really can't submarine much past 2018 without being ridiculous. Of course that has never stopped the patent trolls.

    And that is why the TV industry is trying to get everything moved to MPEG4, the idea of anything that isn't patent encumbered and DRMed out the wazoo frightens them. And they love to interlock the two, you can't license the DVD patents unless you are in DVDCCA and vice versa. So expect those license fees to roll right on since membership in DVDCCA is required to comply with DMCA.

    • (Score: 2) by takyon on Tuesday May 09 2017, @04:33AM (1 child)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday May 09 2017, @04:33AM (#506742) Journal

      ... and the new codecs are far superior. HEVC/H.265 reduces bit rates by 30-50% at the same level of quality, compared to H.264/MPEG-4 AVC.

      [SIG] 10/28/2017: Soylent Upgrade v14 []
      • (Score: 2) by Grishnakh on Tuesday May 09 2017, @05:31AM

        by Grishnakh (2831) on Tuesday May 09 2017, @05:31AM (#506763)

        Yeah, and x264/MPEG-4 itself reduces bitrates a huge amount over the ancient MPEG-2 that DVDs use, probably quite a bit more than the x264-to-x265 improvement.

  • (Score: 0) by Anonymous Coward on Tuesday May 09 2017, @12:21PM (1 child)

    by Anonymous Coward on Tuesday May 09 2017, @12:21PM (#506845)

    i recon few people will care at this point.