[...] a few days ago Red Hat Legal provided the permission to ship MP3 encoding in Fedora. [...] it will soon be possible to convert physical media or other formats to MP3 in Fedora without 3rd party repositories.
Previous stories:
The MP3 Format is now Patent Free
0-Days Hitting Fedora and Ubuntu Open Desktops to a World of Hurt
Related Stories
Submitted via IRC for Bytram
If your desktop runs a mainstream release of Linux, chances are you're vulnerable.
[...] While Evans' attacks won't work on most Linux servers, they will reliably compromise most desktop versions of Linux, which employees at Google, Facebook, and other security conscious companies often use in an attempt to avoid the pitfalls of Windows and Mac OS X. Three weeks ago, Evans released a separate Linux zero-day that had similarly dire consequences.
"I like to prove that vulnerabilities are not just theoretical—that they are actually exploitable to cause real problems," Evans told Ars when explaining why he developed—and released—an exploit for fully patched systems. "Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out."
Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GSteamer and Game Music Emu automatically open them.
The exploit ending in .flac works as a drive-by attack when a Fedora 25 user visits a booby-trapped webpage. With nothing more than a click required, the file will open the desktop calculator. With modification, it could load any code an attacker chooses and execute it with the same system privileges afforded to the user. While users typically don't have the same unfettered system privileges granted to root, the ones they do have are plenty powerful. Such an exploit can, for instance, read and steal all the user's most personal data, including documents, pictures, e-mail, and chat transcripts. It could also steal the user's browser cookies and sessions for Gmail, Facebook, Twitter, and other sites. It could additionally persist across reboots, although not as stealthily as a root exploit. And as is growing increasingly common, it could be combined with a local root privilege exploit to gain full system rights.
MP3 decoding was already free and got recently included in Fedora. But now, encoding is also free according to Fraunhofer Institute for Integrated Circuits IIS: "On April 23, 2017, Technicolor's mp3 licensing program for certain mp3 related patents and software of Technicolor and Fraunhofer IIS has been terminated." The Wikipedia MP3 article confirms that.
So, do you still use an MP3 library or have you switched to another format or means of listening to music such as (spying built-in) streaming services?
(Score: 0) by Anonymous Coward on Tuesday May 09 2017, @03:39AM
Tom's Diner the song is 30 years old.
Tom's Diner the restaurant is 70 years old.
(Score: 2) by jmorris on Tuesday May 09 2017, @04:21AM (2 children)
And it looks like next year we get MPEG2 video, and that pretty much means DVD video and HD-TV go open, although I haven't poked around the audio codecs, those might be another year or so. But the first DVD players were on the shelves in the late 1990s so they really can't submarine much past 2018 without being ridiculous. Of course that has never stopped the patent trolls.
And that is why the TV industry is trying to get everything moved to MPEG4, the idea of anything that isn't patent encumbered and DRMed out the wazoo frightens them. And they love to interlock the two, you can't license the DVD patents unless you are in DVDCCA and vice versa. So expect those license fees to roll right on since membership in DVDCCA is required to comply with DMCA.
(Score: 2) by takyon on Tuesday May 09 2017, @04:33AM (1 child)
... and the new codecs are far superior. HEVC/H.265 reduces bit rates by 30-50% at the same level of quality, compared to H.264/MPEG-4 AVC.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Grishnakh on Tuesday May 09 2017, @05:31AM
Yeah, and x264/MPEG-4 itself reduces bitrates a huge amount over the ancient MPEG-2 that DVDs use, probably quite a bit more than the x264-to-x265 improvement.
(Score: 0) by Anonymous Coward on Tuesday May 09 2017, @12:21PM (1 child)
i recon few people will care at this point.
(Score: 3, Funny) by takyon on Wednesday May 10 2017, @12:24AM
BetaNews cares:
Fedora Linux getting native MP3 support, but who really cares? [betanews.com]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]