lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080508201559.GM9973@severus.strandboge.com>
Date: Thu, 8 May 2008 16:15:59 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-611-1] Speex vulnerability

=========================================================== 
Ubuntu Security Notice USN-611-1               May 08, 2008
speex vulnerability
CVE-2008-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libspeex1                       1.1.11.1-1ubuntu0.3

Ubuntu 7.04:
  libspeex1                       1.1.12-3ubuntu0.7.04.1

Ubuntu 7.10:
  libspeex1                       1.1.12-3ubuntu0.7.10.1

Ubuntu 8.04 LTS:
  libspeex1                       1.1.12-3ubuntu0.8.04.1

After a standard system upgrade you need to restart applications linked against
Speex to effect the necessary changes.

Details follow:

It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1-1ubuntu0.3.diff.gz
      Size/MD5:    16334 3043ac1b83c4f616ee9e7ce0445f6f4a
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1-1ubuntu0.3.dsc
      Size/MD5:      891 a47ed95c32a7f46195117b0940003512
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1.orig.tar.gz
      Size/MD5:   720528 5282d23ea605232be05b537cca7af242

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.11.1-1ubuntu0.3_all.deb
      Size/MD5:  1175164 88a00eb0263c884a7fb2f8e86f7085cf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_amd64.deb
      Size/MD5:    99344 ff9c32a2add83695f263ab665bfeea2e
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_amd64.deb
      Size/MD5:    73114 fb8d379b7b59a01dfbdc71061ec55d2f
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_amd64.deb
      Size/MD5:    25730 3024d74692a5284a7d3c3c7a0ea731f4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_i386.deb
      Size/MD5:    85844 103f5455a185b5f7b67e1e9db8e09bf5
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_i386.deb
      Size/MD5:    68198 e49b7fcbe1dac385ea3dd3531b3578ab
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_i386.deb
      Size/MD5:    24506 f313ba989a11acfc1d087f0cbf32ec1c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_powerpc.deb
      Size/MD5:   102896 6f060fc21867cb58ebbc2bc2610a89e4
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_powerpc.deb
      Size/MD5:    78074 139b3f33a76ace71235795c5a5d5c257
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_powerpc.deb
      Size/MD5:    27502 9abaa0c5f9c85fc61bf7dbae3c367b24

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_sparc.deb
      Size/MD5:    93950 60cd3a6214b4131804e04ef726512706
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_sparc.deb
      Size/MD5:    72626 3bc63bc48594cfb32dba17c63c9278a1
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_sparc.deb
      Size/MD5:    25564 f44fac017d8f1cad870b8b7d865ae704

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.04.1.diff.gz
      Size/MD5:    16462 8f5c4ba40a9d55f67207def20fd0d8f8
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.04.1.dsc
      Size/MD5:      896 bf22d92d6a3d9e152c7e3d8e5516e5aa
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.tar.gz
      Size/MD5:   740110 1bd6cdf3a0ebabf818cd72a3401e2610

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3ubuntu0.7.04.1_all.deb
      Size/MD5:  1621198 e693f69bee4af4022f1426628d8fa874

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_amd64.deb
      Size/MD5:   107898 ca461c3a1137db04b701f6abf359221c
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_amd64.deb
      Size/MD5:    81248 63a3b920764b3c7a8c440ece3d5a6628
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_amd64.deb
      Size/MD5:    26278 1e0bb2a94c4f8cb9d7b8a879c87d77a5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_i386.deb
      Size/MD5:    93276 3fc302a1d7250759c05cdb9266795512
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_i386.deb
      Size/MD5:    76948 54b210c5e9aa7165b2e3574d4ec22129
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_i386.deb
      Size/MD5:    25348 d40840a2b30852980cb8abe33f8f52b4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_powerpc.deb
      Size/MD5:   111304 fecf9674ed877ee012d4481dbfd28ff7
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_powerpc.deb
      Size/MD5:    88048 dea6b4205ec628871f6ff16eaf50c2f1
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_powerpc.deb
      Size/MD5:    29860 5925a4f45f770f209fff316f78dba6cc

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_sparc.deb
      Size/MD5:   100622 b4f79870679d10a746122d62824520a5
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_sparc.deb
      Size/MD5:    79974 363d994497fbe56da99c9e3d190159aa
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_sparc.deb
      Size/MD5:    26626 17839bcc3c1c7f8e093527a9b012b5c1

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.10.1.diff.gz
      Size/MD5:    16464 a9f2cc5874334105f139fe4658d6932a
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.10.1.dsc
      Size/MD5:      896 19296f16fadc226b5bfa661c5c60446a
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.tar.gz
      Size/MD5:   740110 1bd6cdf3a0ebabf818cd72a3401e2610

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3ubuntu0.7.10.1_all.deb
      Size/MD5:  2739332 950760db17a4a3ddd98819b664e2cade

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_amd64.deb
      Size/MD5:   108820 fb59780481a14fd71d7404dcbd468de2
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_amd64.deb
      Size/MD5:    81928 26a27b1731508bcbcf30927f016deb13
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_amd64.deb
      Size/MD5:    26320 e0d3ddab4c85093e3510f724bad4328a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_i386.deb
      Size/MD5:    93644 b36263803f01174d6bb1577064aa3528
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_i386.deb
      Size/MD5:    77590 d0e00ef79d2c4ee88815cebcd327b73a
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_i386.deb
      Size/MD5:    25242 d34367d6b1842d636d3cd7e184c4fb3c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_lpia.deb
      Size/MD5:    92996 b875296d5217f2102f5d3913a11856a2
    http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_lpia.deb
      Size/MD5:    76334 8b44f386012576e364aa5051cb496c29
    http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_lpia.deb
      Size/MD5:    25432 a38ad81fba60b956968e54722ff82dcc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_powerpc.deb
      Size/MD5:   111450 d505aff351cb6b59dfa101b7fe902443
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    88112 e06e4db8125927e9078742bfaba8e56c
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    29808 798c8763dbecb9d00234aca8f29ce4ee

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_sparc.deb
      Size/MD5:   100846 715db8b55820a946decb096afff83cc7
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_sparc.deb
      Size/MD5:    80278 0ef531ecf94d3f86bd0b262625f7f046
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_sparc.deb
      Size/MD5:    26644 0bbb348bd1845c929bac9060c17c3440

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.8.04.1.diff.gz
      Size/MD5:    16463 ffe6236efeb0636cf1bb82e35e62040c
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.8.04.1.dsc
      Size/MD5:      896 4b325c8f915dccda407ecd3d9674d227
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.tar.gz
      Size/MD5:   740110 1bd6cdf3a0ebabf818cd72a3401e2610

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3ubuntu0.8.04.1_all.deb
      Size/MD5:  1374930 cff30859bb6d6d297eb0a67bb1ed4a68

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_amd64.deb
      Size/MD5:   107162 d2cca372509a36921f7df4c6d91764c4
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_amd64.deb
      Size/MD5:    80596 0474f2424b6ef876744af59abf9a3b9e
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_amd64.deb
      Size/MD5:    26366 6738274b4274e17566979a13dd8f00e2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_i386.deb
      Size/MD5:    92798 ce4b30f29cb5251fa9646d2c51d0ad5b
    http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_i386.deb
      Size/MD5:    75300 85cf718906c94e92f7abf54233610779
    http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_i386.deb
      Size/MD5:    25470 1f49095ca5a425fbf0bcafd3bf61deae

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_lpia.deb
      Size/MD5:    93058 7c59131c5b33638da73ce607443af0f3
    http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_lpia.deb
      Size/MD5:    75470 142296715793d59b602509996b012386
    http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_lpia.deb
      Size/MD5:    25448 fb2e0288d95179ddcd381b90ed51ed74

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   110910 aec0ff1c13d10e5a4240e9e228e17476
    http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    85722 99aa4c03960bc31c1aa11b5c6dd3b78c
    http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    30130 fae12b25bb03ead975f0717a9a9ccf4f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_sparc.deb
      Size/MD5:   100536 bbe537676e242db9d9f032327a4ef82f
    http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_sparc.deb
      Size/MD5:    79398 101308f94e0dcb27bd429eaab076927e
    http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_sparc.deb
      Size/MD5:    26430 4203e6d8b4f6612d0ed2250a84970820



Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ