[ MDKSA-2007:167 ] - Updated libvorbis packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:167
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvorbis
Date : August 18, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
David Thiel discovered that libvorbis did not correctly verify the size
of certain headers, and did not correctly clean up a broken stream.
If a user were tricked into processing a specially crafted Vorbis
stream, a remote attacker could possibly cause a denial of service
or execute arbitrary code with the user's privileges.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
0bfa4cc649993f774280778e3c58495f
2007.0/i586/libvorbis0-1.1.2-1.1mdv2007.0.i586.rpm
4b030b008428afe795321c7420952618
2007.0/i586/libvorbis0-devel-1.1.2-1.1mdv2007.0.i586.rpm
4041c5cc0add74ccb124aa15aa218592
2007.0/i586/libvorbisenc2-1.1.2-1.1mdv2007.0.i586.rpm
c58d053da7865572f41c18441c8c56d1
2007.0/i586/libvorbisfile3-1.1.2-1.1mdv2007.0.i586.rpm
15bad7c2b4bf8bdf8e6bcee7847111e4
2007.0/SRPMS/libvorbis-1.1.2-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
757ee33c7b37949c73409d35439b468a
2007.0/x86_64/lib64vorbis0-1.1.2-1.1mdv2007.0.x86_64.rpm
1312680e091c8253b2fb4eebdd8a43e2
2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.1mdv2007.0.x86_64.rpm
3fde1e05260a803dcbf7c3cd99327678
2007.0/x86_64/lib64vorbisenc2-1.1.2-1.1mdv2007.0.x86_64.rpm
30d835e56cd104b267637d746cd21dcd
2007.0/x86_64/lib64vorbisfile3-1.1.2-1.1mdv2007.0.x86_64.rpm
15bad7c2b4bf8bdf8e6bcee7847111e4
2007.0/SRPMS/libvorbis-1.1.2-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
338c7cd9a41b58f2a67314752d6fc78f
2007.1/i586/libvorbis0-1.1.2-1.1mdv2007.1.i586.rpm
a874c420d346f1f93a25c57d7b44de68
2007.1/i586/libvorbis0-devel-1.1.2-1.1mdv2007.1.i586.rpm
c356eb38131c845d4bc0b7467058f489
2007.1/i586/libvorbisenc2-1.1.2-1.1mdv2007.1.i586.rpm
b5be4af1bce5579c8b13eef29741230a
2007.1/i586/libvorbisfile3-1.1.2-1.1mdv2007.1.i586.rpm
19c41a0b80895c32ef4cfcfad049a90f
2007.1/SRPMS/libvorbis-1.1.2-1.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
bd4d2ae801b03613e04791c995bf3afc
2007.1/x86_64/lib64vorbis0-1.1.2-1.1mdv2007.1.x86_64.rpm
f8f29239115bf2a0dcd6efd4320f3d7a
2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.1mdv2007.1.x86_64.rpm
9b06895406cc6132e177388b99a876ba
2007.1/x86_64/lib64vorbisenc2-1.1.2-1.1mdv2007.1.x86_64.rpm
777b438ea72926805deaf657f578530d
2007.1/x86_64/lib64vorbisfile3-1.1.2-1.1mdv2007.1.x86_64.rpm
19c41a0b80895c32ef4cfcfad049a90f
2007.1/SRPMS/libvorbis-1.1.2-1.1mdv2007.1.src.rpm
Corporate 3.0:
2ab561a46d55e28a1f5c78b71fc67626
corporate/3.0/i586/libvorbis0-1.0.1-4.1.C30mdk.i586.rpm
bf0210f58ecacfbacf36347770e13eba
corporate/3.0/i586/libvorbis0-devel-1.0.1-4.1.C30mdk.i586.rpm
588ed731da2fa7fa47440576f604be6a
corporate/3.0/i586/libvorbisenc2-1.0.1-4.1.C30mdk.i586.rpm
3b08dea676c8a4b48a950fc7dba02318
corporate/3.0/i586/libvorbisfile3-1.0.1-4.1.C30mdk.i586.rpm
c6d49fda4888842c50f3ba37d02ad9b4
corporate/3.0/SRPMS/libvorbis-1.0.1-4.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
86c34e72a62eabd0b6bbad34e5bb558f
corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.1.C30mdk.x86_64.rpm
9c873a72c1664175601e48bb01394876
corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.1.C30mdk.x86_64.rpm
c4cbbd31f9f5936a16c314cd4e9581ad
corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.1.C30mdk.x86_64.rpm
84b8992786ba2df54fef7077d65207ab
corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.1.C30mdk.x86_64.rpm
c6d49fda4888842c50f3ba37d02ad9b4
corporate/3.0/SRPMS/libvorbis-1.0.1-4.1.C30mdk.src.rpm
Corporate 4.0:
cc5f37360738c420d865218ab7ec031d
corporate/4.0/i586/libvorbis0-1.1.1-1.1.20060mlcs4.i586.rpm
63111af08666d8b1f8468c86b78361cc
corporate/4.0/i586/libvorbis0-devel-1.1.1-1.1.20060mlcs4.i586.rpm
0cc2a1d3a5ffafdde1b6a2ae85e0cd73
corporate/4.0/i586/libvorbisenc2-1.1.1-1.1.20060mlcs4.i586.rpm
2b0d86648b8efef6ca39c1675826c43b
corporate/4.0/i586/libvorbisfile3-1.1.1-1.1.20060mlcs4.i586.rpm
8bfecd42db5df1e0588b8ccc115e930b
corporate/4.0/SRPMS/libvorbis-1.1.1-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0f94de4c3754192f2cfda8a8b511835e
corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.1.20060mlcs4.x86_64.rpm
3fdd695420f2acde7bdaa0a2173c3fd8
corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.1.20060mlcs4.x86_64.rpm
fbcb89b53aff9a67adec4287ef4a1ef2
corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.1.20060mlcs4.x86_64.rpm
2d6810940ebd6a3434d39f5aa6a5297e
corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.1.20060mlcs4.x86_64.rpm
8bfecd42db5df1e0588b8ccc115e930b
corporate/4.0/SRPMS/libvorbis-1.1.1-1.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
44164718fd13aea9c3a9b36b69b8727c
mnf/2.0/i586/libvorbis0-1.0.1-4.1.M20mdk.i586.rpm
cf62f0f3376bcddb3d025d16238ff1d9
mnf/2.0/i586/libvorbis0-devel-1.0.1-4.1.M20mdk.i586.rpm
d62687627f764d222afc1a3bc2ecc1c3
mnf/2.0/i586/libvorbisenc2-1.0.1-4.1.M20mdk.i586.rpm
07d320206547edc9834f290c06818419
mnf/2.0/i586/libvorbisfile3-1.0.1-4.1.M20mdk.i586.rpm
f27ea3b094bb95cc9f03e444d193dd77
mnf/2.0/SRPMS/libvorbis-1.0.1-4.1.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
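For RPMs fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison described above can be scripted. This is an added example, not Mandriva's tooling or part of the original advisory: the function names, the sample file names and the all-zero checksum are constructed, and it assumes `md5sum` and `awk` are available.

```shell
#!/bin/sh
# Added example (not Mandriva tooling): check RPMs against an advisory's MD5 list.

# Read advisory text on stdin, print "md5 basename" pairs. Works whether the
# checksum and the path share a line or sit on consecutive lines.
parse_manifest() {
    tr -s ' \t' '\n\n' | awk '
        length($0) == 32 && $0 !~ /[^0-9a-f]/ { sum = $0; next }
        sum != "" && /\.rpm$/ { n = split($0, p, "/"); print sum, p[n] }
        { sum = "" }'
}

# verify_dir MANIFEST DIR: one line per *.rpm in DIR (OK / MISMATCH / UNLISTED).
# Returns 1 if any file is not OK.
verify_dir() {
    pairs=$(parse_manifest < "$1"); rc=0
    for f in "$2"/*.rpm; do
        [ -e "$f" ] || continue
        name=${f##*/}
        actual=$(md5sum < "$f" | cut -d' ' -f1)
        if printf '%s\n' "$pairs" | grep -qxF "$actual $name"; then
            echo "OK $name"
        elif printf '%s\n' "$pairs" | awk -v n="$name" '$2 == n { f = 1 } END { exit !f }'; then
            echo "MISMATCH $name"; rc=1
        else
            echo "UNLISTED $name"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: two placeholder files and a manifest in the two-line
# and one-line layouts; the second checksum is deliberately wrong.
demo() {
    d=$(mktemp -d) || return 2
    printf 'good package bytes' > "$d/example-good-1.0.rpm"
    printf 'altered package bytes' > "$d/example-bad-1.0.rpm"
    good=$(md5sum < "$d/example-good-1.0.rpm" | cut -d' ' -f1)
    printf '%s\nexample/i586/example-good-1.0.rpm\n%s example/i586/example-bad-1.0.rpm\n' \
        "$good" "00000000000000000000000000000000" > "$d/manifest.txt"
    status=0; verify_dir "$d/manifest.txt" "$d" || status=$?
    rm -rf "$d"
    return $status
}

demo || echo "at least one package failed verification"
```

A matching MD5 only shows that the file equals what the advisory lists; the GPG signature on the package, which the advisory says is also checked, is what ties it to Mandriva.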
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGx2aVmqjQ0CJFipgRAnEAAKCEuiw4gdnlPnywk27GOQ45zkSq0wCgvn6Q
+m+DVZ4AzY2XGNFCKcnIdo4=
=4/Uh
-----END PGP SIGNATURE-----