lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue,  3 Jun 2008 11:27:35 +0200 (CEST)
From: (Thijs Kinkhorst)
Subject: [SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1591-1                                  Thijs Kinkhorst
June 03, 2008               
- ------------------------------------------------------------------------

Package        : libvorbis
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
Debian Bug     : 482518

Several local (remote) vulnerabilities have been discovered in libvorbis,
a library for the Vorbis general-purpose compressed audio codec. The Common
Vulnerabilities and Exposures project identifies the following problems:


    libvorbis does not properly handle a zero value which allows remote
    attackers to cause a denial of service (crash or infinite loop) or
    trigger an integer overflow.


    Integer overflow in libvorbis allows remote attackers to execute
    arbitrary code via a crafted OGG file, which triggers a heap overflow.


    Integer overflow in libvorbis allows remote attackers to cause a denial
    of service (crash) or execute arbitrary code via a crafted OGG file
    which triggers a heap overflow.

For the stable distribution (etch), these problems have been fixed in version

For the unstable distribution (sid), these problems have been fixed in
version 1.2.0.dfsg-3.1. 

We recommend that you upgrade your libvorbis package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
    Size/MD5 checksum:      787 2f0bfd28fb368c43c56332e7de7a2e3d
    Size/MD5 checksum:  1312540 44cf09fef7f78e7c6ba7dd63b6137412
    Size/MD5 checksum:    15782 62527e6adcff1dca42018a0252b19b91

alpha architecture (DEC Alpha)
    Size/MD5 checksum:    94500 edb2728b48cd6fc0357f62a7dc8fca5c
    Size/MD5 checksum:   110468 8273babee8a08c373671b468469b2ede
    Size/MD5 checksum:    19202 925dfba3f212e8b69c760c433b119716
    Size/MD5 checksum:   494958 0052fe78f4be43cb9a7f42ea2b25f7fe

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    17790 f49da89a8b972614687f3a5e2f6c5bac
    Size/MD5 checksum:    93498 241499415b96f3e348d1ec9c66a45981
    Size/MD5 checksum:   101508 63e1e8392876a822dc664e21b19e0185
    Size/MD5 checksum:   468670 8c6c80eb7b8e7f8b49be1447357ebce1

arm architecture (ARM)
    Size/MD5 checksum:    75744 03dad28341cde24fbbfd20444bf346c2
    Size/MD5 checksum:    18528 508cb939f65a367447c44add9dd8c11a
    Size/MD5 checksum:    98190 a09c2d3021f7b9d2d9b2bf04b2d30957
    Size/MD5 checksum:   458578 6dcadbb28c56a0a9368bfcd67b28d3fa

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   483196 0435784553fb2b9c08c915da58c3c7e1
    Size/MD5 checksum:    21978 6ade3e3b040f8e01c4fe023df6faf2de
    Size/MD5 checksum:   108084 7d263ee14d29b787b0f32710ae2bffdf
    Size/MD5 checksum:    92430 72180513d203103e56e4929ca6da035f

i386 architecture (Intel ia32)
    Size/MD5 checksum:   453652 55bc31f817b6806d19d8f0696cc288cd
    Size/MD5 checksum:    18884 5d4f1bccf5efa0d5ba5767b49f97d253
    Size/MD5 checksum:    75346 f11509bd2b430f8be62706a13748d6bc
    Size/MD5 checksum:    98176 d5b46716c8ab083b9c00b523a73a81b9

ia64 architecture (Intel ia64)
    Size/MD5 checksum:    98022 dabf436427e867a81074bdca0c53ef6e
    Size/MD5 checksum:   510180 1c4e1c58e7d63f10ff7efaf3a6555f46
    Size/MD5 checksum:    24700 8dadf685db0738f52c4b47420eff588a
    Size/MD5 checksum:   136046 b5d657cad9154915f0a9c0779e68cf1c

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   104986 3d6d14fff3621ed344e88e7bb57ae627
    Size/MD5 checksum:    81588 e776156e4d5647f0aa591ea8b01d3aad
    Size/MD5 checksum:    20946 5f5eca06d6b715087a4298d2db944fcf
    Size/MD5 checksum:   479286 4a9404dab651fd387901d6eb223bd835

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    76982 63638be1a06154fa1126e5be3a4ac95e
    Size/MD5 checksum:   469086 9c31f061ab04690bf52876821a9383ea
    Size/MD5 checksum:    20944 5f59636c00cbe76590ac1ef23235cd8d
    Size/MD5 checksum:   104948 be1bf5fd730d239f5cd62a92cd4b75e4

powerpc architecture (PowerPC)
    Size/MD5 checksum:   105760 ba397af813b092de9bea72accb46db4b
    Size/MD5 checksum:    21394 7e12a198ce7bed6922d20da108e5bad5
    Size/MD5 checksum:    82558 1299949b45c3a6fdba4fa64fcf48dc53
    Size/MD5 checksum:   475206 7cda1ebdffc9b47d90efa594bea5d5b8

s390 architecture (IBM S/390)
    Size/MD5 checksum:   452736 403af241544bf4fd66f4993003f0f192
    Size/MD5 checksum:    90546 f2f4a9e7410b946b91c4d44cef18f5af
    Size/MD5 checksum:   102548 ad43cb11ddff398ee0a83ded1a024321
    Size/MD5 checksum:    20920 7ffdc1f9962394073efae81356780428

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:    98252 fad4afe3566e986fe819a0fff6a2376e
    Size/MD5 checksum:   453410 ce3775bb59d55b9ba7e34469225e0d20
    Size/MD5 checksum:    17888 4eaf8a0cfd4f3b1c6f8332ccf1bf6ef4
    Size/MD5 checksum:    79796 57795226ac31a7b5bf7793e4e14dc89a

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.6 (GNU/Linux)


Powered by blists - more mailing lists