Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDKSA-2007:194 ] - Updated libvorbis packages fix vulnerabilities
From: security () mandriva com
Date: Wed, 10 Oct 2007 20:11:15 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:194
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libvorbis
 Date    : October 10, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 More vulnerabilities in libvorbis were found that could be used to
 cause an application linked to libvorbis to crash or execute arbitrary
 code if used to open a carefully crafted OGG file.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 d41be27509ec3be88b202966d4a59550  2007.0/i586/libvorbis0-1.1.2-1.2mdv2007.0.i586.rpm
 e75b4f86a4c5d58f77373d50fbea8768  2007.0/i586/libvorbis0-devel-1.1.2-1.2mdv2007.0.i586.rpm
 23f95877a057ba9cec80183affdbcd26  2007.0/i586/libvorbisenc2-1.1.2-1.2mdv2007.0.i586.rpm
 5f32c9d9d23d2cca8814ad11c6992695  2007.0/i586/libvorbisfile3-1.1.2-1.2mdv2007.0.i586.rpm 
 3307e950d4b3918d358e9b82df6001cf  2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 402d3b03c86b0137011d1e46b51c5882  2007.0/x86_64/lib64vorbis0-1.1.2-1.2mdv2007.0.x86_64.rpm
 f2ac23af2f02fa7ae18eff8251a7187f  2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.2mdv2007.0.x86_64.rpm
 26edae58c4d13b1d3231eb5dc1560dac  2007.0/x86_64/lib64vorbisenc2-1.1.2-1.2mdv2007.0.x86_64.rpm
 63e13185eeaa037dbc4fc583b85c0143  2007.0/x86_64/lib64vorbisfile3-1.1.2-1.2mdv2007.0.x86_64.rpm 
 3307e950d4b3918d358e9b82df6001cf  2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 f8d07dd2d52e2876abb97609b29c7dde  2007.1/i586/libvorbis0-1.1.2-1.3mdv2007.1.i586.rpm
 3fec84f53226b408bba6dbd1e2cf4968  2007.1/i586/libvorbis0-devel-1.1.2-1.3mdv2007.1.i586.rpm
 2901cdc64be56cb289b217ed1a05b8f1  2007.1/i586/libvorbisenc2-1.1.2-1.3mdv2007.1.i586.rpm
 e98cb9e44e1f3067e1fb7d1620c5ef27  2007.1/i586/libvorbisfile3-1.1.2-1.3mdv2007.1.i586.rpm 
 cce00e65c8cbe511018f520bca49c6a7  2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 891d901f29fe9a1d0fd82e9b47d38122  2007.1/x86_64/lib64vorbis0-1.1.2-1.3mdv2007.1.x86_64.rpm
 c6c00add1ff7bcc5e636e3ae2b4f5b30  2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.3mdv2007.1.x86_64.rpm
 510934712584a9578ed4a2a946870b06  2007.1/x86_64/lib64vorbisenc2-1.1.2-1.3mdv2007.1.x86_64.rpm
 c52b5f4388c30d163f57144b882b3089  2007.1/x86_64/lib64vorbisfile3-1.1.2-1.3mdv2007.1.x86_64.rpm 
 cce00e65c8cbe511018f520bca49c6a7  2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm

 Corporate 3.0:
 cb5946414ffc05264f009a2dfb5cd5a4  corporate/3.0/i586/libvorbis0-1.0.1-4.2.C30mdk.i586.rpm
 b94b5dd7b09be0920ad46691550e6d5f  corporate/3.0/i586/libvorbis0-devel-1.0.1-4.2.C30mdk.i586.rpm
 2499e5ee054d10dea6576ecc1e5a0b47  corporate/3.0/i586/libvorbisenc2-1.0.1-4.2.C30mdk.i586.rpm
 d96e79ad3fa7183463d28e0e964625cb  corporate/3.0/i586/libvorbisfile3-1.0.1-4.2.C30mdk.i586.rpm 
 6cd5308e5450210a1bd5ef1d75be045a  corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e8702d068c5780bb74aeeead7990cf1d  corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.2.C30mdk.x86_64.rpm
 1839ae3b9df3a80728efefcd0d2c8924  corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.2.C30mdk.x86_64.rpm
 6d503b73eb3997992a4a14686fa22bc2  corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.2.C30mdk.x86_64.rpm
 1fb747fa7937daf053ede6bf3c631e6b  corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.2.C30mdk.x86_64.rpm 
 6cd5308e5450210a1bd5ef1d75be045a  corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm

 Corporate 4.0:
 3354475793ef4eb0489fab6cbbb66b4b  corporate/4.0/i586/libvorbis0-1.1.1-1.2.20060mlcs4.i586.rpm
 98795f48ac6f58fe0c085ccddbc8b013  corporate/4.0/i586/libvorbis0-devel-1.1.1-1.2.20060mlcs4.i586.rpm
 ff749aafc57d36a7bea5d9911e1e0464  corporate/4.0/i586/libvorbisenc2-1.1.1-1.2.20060mlcs4.i586.rpm
 f3c1ce534e434ccb18d8a20e8131f645  corporate/4.0/i586/libvorbisfile3-1.1.1-1.2.20060mlcs4.i586.rpm 
 a03a39326629aeac0b8089f16ac1669c  corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 1fd83d033b447bbe31b382b6ef406b04  corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.2.20060mlcs4.x86_64.rpm
 7277ef1839ff508bb82c7cfdabd08bbc  corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.2.20060mlcs4.x86_64.rpm
 85982268bb38fee83857e3d43b81e857  corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.2.20060mlcs4.x86_64.rpm
 b2becf1d0654a3c7dc39d776ea06fef7  corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.2.20060mlcs4.x86_64.rpm 
 a03a39326629aeac0b8089f16ac1669c  corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 4aeb3e14e502a4985045faa4b78a06e6  mnf/2.0/i586/libvorbis0-1.0.1-4.2.M20mdk.i586.rpm
 d361415bee36020ea5b0b5fd42ccc260  mnf/2.0/i586/libvorbis0-devel-1.0.1-4.2.M20mdk.i586.rpm
 7b9cf8d7bdf58bea8a77f05ffef744d3  mnf/2.0/i586/libvorbisenc2-1.0.1-4.2.M20mdk.i586.rpm
 33e7c4ddc5a1cba04d0e238b2cbda192  mnf/2.0/i586/libvorbisfile3-1.0.1-4.2.M20mdk.i586.rpm 
 35f0157658f80c209b4bfd4557668aca  mnf/2.0/SRPMS/libvorbis-1.0.1-4.2.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHDVqEmqjQ0CJFipgRAoNiAKC8sak4VviFaKGNNIkVujrmYA+PSgCcDTDI
QWEg84Lby+nroQbzWtPeWaY=
=Zvfm
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDKSA-2007:194 ] - Updated libvorbis packages fix vulnerabilities security (Oct 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]