Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:102 ] - Updated libvorbis packages fix vulnerabilities

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1210971365-11275-4665

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:102

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : libvorbis

Date : May 16, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

Will Drewry of the Google Security Team reported several

vulnerabilities in how libvorbis processed audio data. An attacker

could create a carefuly crafted OGG audio file in such a way that it

would cause an application linked to libvorbis to crash or possibly

execute arbitray code when opened (CVE-2008-1419, CVE-2008-1420,

CVE-2008-1423).

 

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2007.1:

988704757ac8c3bead6de547b251838b 2007.1/i586/libvorbis0-1.1.2-1.4mdv2007.1.i586.rpm

8f60e571ac7e9333b02fc3c40ace8b01 2007.1/i586/libvorbis0-devel-1.1.2-1.4mdv2007.1.i586.rpm

e2bc6642ebf24401edcd8948ddfcffb5 2007.1/i586/libvorbisenc2-1.1.2-1.4mdv2007.1.i586.rpm

57327a105e98b85378db9ddbfd84d4f0 2007.1/i586/libvorbisfile3-1.1.2-1.4mdv2007.1.i586.rpm

63bf4d76e37622526f9ed49f7d18659d 2007.1/SRPMS/libvorbis-1.1.2-1.4mdv2007.1.src.rpm

 

Mandriva Linux 2007.1/X86_64:

1ccecfb9dc31f68306098e276eed2f03 2007.1/x86_64/lib64vorbis0-1.1.2-1.4mdv2007.1.x86_64.rpm

235be7e026a0517fd8df0c64afa2c142 2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.4mdv2007.1.x86_64.rpm

da0e6f4cd91bb0c6b2d7998383213286 2007.1/x86_64/lib64vorbisenc2-1.1.2-1.4mdv2007.1.x86_64.rpm

73343cb9c55ea9d5ce194ac1f8576619 2007.1/x86_64/lib64vorbisfile3-1.1.2-1.4mdv2007.1.x86_64.rpm

63bf4d76e37622526f9ed49f7d18659d 2007.1/SRPMS/libvorbis-1.1.2-1.4mdv2007.1.src.rpm

 

Mandriva Linux 2008.0:

afc28b1fe16565fb2565248c0e5eb86f 2008.0/i586/libvorbis0-1.2.0-1.1mdv2008.0.i586.rpm

9d4802aadad40250b556bff207975af1 2008.0/i586/libvorbis-devel-1.2.0-1.1mdv2008.0.i586.rpm

cacd71dfd157ad08f26f479fed9317bc 2008.0/i586/libvorbisenc2-1.2.0-1.1mdv2008.0.i586.rpm

a0314cab211a753715e297dbed4626d8 2008.0/i586/libvorbisfile3-1.2.0-1.1mdv2008.0.i586.rpm

d1dda60c16843e2bd15aa7b933b0e6a3 2008.0/SRPMS/libvorbis-1.2.0-1.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

c2433a2b905824a4f4de99aa667076e4 2008.0/x86_64/lib64vorbis0-1.2.0-1.1mdv2008.0.x86_64.rpm

4279d736bcde722c2b29b417362d0409 2008.0/x86_64/lib64vorbis-devel-1.2.0-1.1mdv2008.0.x86_64.rpm

860f090cdfb3df8eb5e5b35ebbfa89ba 2008.0/x86_64/lib64vorbisenc2-1.2.0-1.1mdv2008.0.x86_64.rpm

7d4731bda5c3f88bbf1f9f331a8d7375 2008.0/x86_64/lib64vorbisfile3-1.2.0-1.1mdv2008.0.x86_64.rpm

d1dda60c16843e2bd15aa7b933b0e6a3 2008.0/SRPMS/libvorbis-1.2.0-1.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

468279e3844cc8090b40a9b887aa8b19 2008.1/i586/libvorbis0-1.2.0-3.1mdv2008.1.i586.rpm

be40e608a2c1b68b52defcedab7b2215 2008.1/i586/libvorbis-devel-1.2.0-3.1mdv2008.1.i586.rpm

06e54777aa4a9574e1683ba1a3a639e0 2008.1/i586/libvorbisenc2-1.2.0-3.1mdv2008.1.i586.rpm

381e3925d9cf0fff52cfbdefee15cd37 2008.1/i586/libvorbisfile3-1.2.0-3.1mdv2008.1.i586.rpm

be801c948ffb9957bd622889760aecce 2008.1/SRPMS/libvorbis-1.2.0-3.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

7e94c0757ed2c8c4ef4c16c07adb4f22 2008.1/x86_64/lib64vorbis0-1.2.0-3.1mdv2008.1.x86_64.rpm

83c2cfef1a65545b0df9176d58e416d1 2008.1/x86_64/lib64vorbis-devel-1.2.0-3.1mdv2008.1.x86_64.rpm

17865f92f4468532489038d1cae048b0 2008.1/x86_64/lib64vorbisenc2-1.2.0-3.1mdv2008.1.x86_64.rpm

efb5d10d9ad6e8ada31048866e1df6d9 2008.1/x86_64/lib64vorbisfile3-1.2.0-3.1mdv2008.1.x86_64.rpm

be801c948ffb9957bd622889760aecce 2008.1/SRPMS/libvorbis-1.2.0-3.1mdv2008.1.src.rpm

 

Corporate 3.0:

2c140f7bb5e1743b92798fa29210f620 corporate/3.0/i586/libvorbis0-1.0.1-4.3.C30mdk.i586.rpm

b5b0c19e2816af0ea3093165b3647445 corporate/3.0/i586/libvorbis0-devel-1.0.1-4.3.C30mdk.i586.rpm

d747674f772ab16e4548679b32d79aba corporate/3.0/i586/libvorbisenc2-1.0.1-4.3.C30mdk.i586.rpm

ad19edfeab15ed5337e573f26955dfc9 corporate/3.0/i586/libvorbisfile3-1.0.1-4.3.C30mdk.i586.rpm

cacdfed7916ecb3234f375bb02e9c249 corporate/3.0/SRPMS/libvorbis-1.0.1-4.3.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

db476417d6b6797a8a6091a3b0ae26a2 corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.3.C30mdk.x86_64.rpm

c0cbdb841085563bcd867ac8e13ae59b corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.3.C30mdk.x86_64.rpm

2313621be14f858b20370cd7f00cf63b corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.3.C30mdk.x86_64.rpm

f265e6fd50a970aa8dc592b7a08b7811 corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.3.C30mdk.x86_64.rpm

cacdfed7916ecb3234f375bb02e9c249 corporate/3.0/SRPMS/libvorbis-1.0.1-4.3.C30mdk.src.rpm

 

Corporate 4.0:

d6512287aa943a0ead7045d10ff0fd64 corporate/4.0/i586/libvorbis0-1.1.1-1.3.20060mlcs4.i586.rpm

2e924c490578d23e17475749377b4e63 corporate/4.0/i586/libvorbis0-devel-1.1.1-1.3.20060mlcs4.i586.rpm

24a4682c88a7560dc5396eb5d850a725 corporate/4.0/i586/libvorbisenc2-1.1.1-1.3.20060mlcs4.i586.rpm

9b24d1fdfaf9fe3f60c69442b9642a2c corporate/4.0/i586/libvorbisfile3-1.1.1-1.3.20060mlcs4.i586.rpm

0f71f35769e8af7da0d774575341092f corporate/4.0/SRPMS/libvorbis-1.1.1-1.3.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

284c2f25348352c5387aa0e9e6187ce4 corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.3.20060mlcs4.x86_64.rpm

28c199ffc00ed7cc4c3672c72f659827 corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.3.20060mlcs4.x86_64.rpm

5522f8715b0777be6f54e9c70b124fa5 corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.3.20060mlcs4.x86_64.rpm

2f1475ff87cefaa186cf5cd76c838e48 corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.3.20060mlcs4.x86_64.rpm

0f71f35769e8af7da0d774575341092f corporate/4.0/SRPMS/libvorbis-1.1.1-1.3.20060mlcs4.src.rpm

 

Multi Network Firewall 2.0:

1e7d371f824f6d901cd5e64efba6e126 mnf/2.0/i586/libvorbis0-1.0.1-4.3.M20mdk.i586.rpm

025c72d0ebf296dc5caa5696d88a5658 mnf/2.0/i586/libvorbisenc2-1.0.1-4.3.M20mdk.i586.rpm

e1ba96367ba4c4421f8b0d4a9971fc81 mnf/2.0/i586/libvorbisfile3-1.0.1-4.3.M20mdk.i586.rpm

5b4c410db83ca6c2fea55e4655f7d69f mnf/2.0/SRPMS/libvorbis-1.0.1-4.3.M20mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFILcfBmqjQ0CJFipgRAhdaAKC+o8eo7bbEg0LkchU3vrU0j5IDzgCbBpsz

towtPdAPfEhtYhWPr8Mi8bg=

=512G

-----END PGP SIGNATURE-----

 

 

------------=_1210971365-11275-4665

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1210971365-11275-4665--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×