bugtraq August 2007 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: [ MDKSA-2007:167-1 ] - Updated libvorbis packages fix v

[ MDKSA-2007:167-1 ] - Updated libvorbis packages fix vulnerabilities

From: <security_at_nospam>
Date: Mon Aug 20 2007 - 19:25:25 GMT
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  Mandriva Linux Security Advisory MDKSA-2007:167-1  http://www.mandriva.com/security/
  Package : libvorbis Date : August 20, 2007 Affected: 2007.1
_______________________________________________________________________

 Problem Description:  

 David Thiel discovered that libvorbis did not correctly verify the size  of certain headers, and did not correctly clean up a broken stream.  If a user were tricked into processing a specially crafted Vorbis  stream, a remote attacker could possibly cause a denial of service  or execute arbitrary code with the user's privileges.

 Update:

 Due to a packaging problem, the libvorbis development package was not  able to be upgraded on Mandriva Linux 2007.1 This has been corrected  with this new update.


 References:  

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029


 

 Updated Packages:  

 Mandriva Linux 2007.1: 2e0f3ba6bab84829f4eb5602610f0283 2007.1/i586/libvorbis0-1.1.2-1.2mdv2007.1.i586.rpm 4c1f8bf27383b5e60a83c877e82c6d28 2007.1/i586/libvorbis0-devel-1.1.2-1.2mdv2007.1.i586.rpm bb34b14893244635f9babcec95f0a4c6 2007.1/i586/libvorbisenc2-1.1.2-1.2mdv2007.1.i586.rpm 70a25cd8bd2d7401d0e6856cac302181 2007.1/i586/libvorbisfile3-1.1.2-1.2mdv2007.1.i586.rpm 74aafd22d2b5a3bbb22b22256436cc24 2007.1/SRPMS/libvorbis-1.1.2-1.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64: 7dfa1037d95c4a177486d1a86bd53541 2007.1/x86_64/lib64vorbis0-1.1.2-1.2mdv2007.1.x86_64.rpm 036c3670b57f6a0b142562e21134a103 2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.2mdv2007.1.x86_64.rpm bf09716e4000c8fd92870fd037e7eef8 2007.1/x86_64/lib64vorbisenc2-1.1.2-1.2mdv2007.1.x86_64.rpm 88c10d6028086f241ae32b20ee192a87 2007.1/x86_64/lib64vorbisfile3-1.1.2-1.2mdv2007.1.x86_64.rpm 74aafd22d2b5a3bbb22b22256436cc24 2007.1/SRPMS/libvorbis-1.1.2-1.2mdv2007.1.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGycBYmqjQ0CJFipgRAsIaAKCNKOjD/hvRK/l4Ux5CGAR90n3YYgCgiRTp Ch5TP/RwBTZ4GudyHdXm5qo=
=ssHw
-----END PGP SIGNATURE-----