lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080508211142.GN9973@severus.strandboge.com>
Date: Thu, 8 May 2008 17:11:42 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-611-2] vorbis-tools vulnerability

=========================================================== 
Ubuntu Security Notice USN-611-2               May 08, 2008
vorbis-tools vulnerability
CVE-2008-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  vorbis-tools                    1.1.1-3ubuntu0.1

Ubuntu 7.04:
  vorbis-tools                    1.1.1-6ubuntu0.1

Ubuntu 7.10:
  vorbis-tools                    1.1.1-13ubuntu0.1

Ubuntu 8.04 LTS:
  vorbis-tools                    1.1.1-15ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for ogg123, part of vorbis-tools.

Original advisory details:

 It was discovered that Speex did not properly validate its input when
 processing Speex file headers. If a user or automated system were
 tricked into opening a specially crafted Speex file, an attacker could
 create a denial of service in applications linked against Speex or
 possibly execute arbitrary code as the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-3ubuntu0.1.diff.gz
      Size/MD5:    29084 20fb2753a882cb5770c352cd957f41c1
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-3ubuntu0.1.dsc
      Size/MD5:      826 d40b247eda78ab928d2501e538c91b2d
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1.orig.tar.gz
      Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-3ubuntu0.1_amd64.deb
      Size/MD5:   107424 4fa2d0ff3ac663e039679bc3f947118e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-3ubuntu0.1_i386.deb
      Size/MD5:    92986 294efb535da9ff1dda7bc8d881e9d46e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-3ubuntu0.1_powerpc.deb
      Size/MD5:   109956 70ffe2ed8d86419387a15d77e589eef4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-3ubuntu0.1_sparc.deb
      Size/MD5:    95528 35e5d78f7b692863232e45e555da35b2

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-6ubuntu0.1.diff.gz
      Size/MD5:    31401 3c24fe5828a5790f7f724ae98467c1a7
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-6ubuntu0.1.dsc
      Size/MD5:      859 28c969727377cf6f1591c3f1e9fe5cdb
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1.orig.tar.gz
      Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-6ubuntu0.1_amd64.deb
      Size/MD5:   110322 d31b543e6a06d35e1b0297228660dcc1

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-6ubuntu0.1_i386.deb
      Size/MD5:   100934 56c48cb1157f2644fdc8954f07630b9e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-6ubuntu0.1_powerpc.deb
      Size/MD5:   125222 ed7a79c193355330d500b322d6a256d0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-6ubuntu0.1_sparc.deb
      Size/MD5:   102134 d0d3e30a89102d11ca88a656a5619978

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1.diff.gz
      Size/MD5:    40975 d7e5ba00f7629c843779ec00f50831e5
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1.dsc
      Size/MD5:      902 787ae85eff1f2533e68aa3b9377622a9
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1.orig.tar.gz
      Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1_amd64.deb
      Size/MD5:   108396 79fe314fab4f5e1afe658afece63d4f9

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1_i386.deb
      Size/MD5:    99358 6a1222becc5ad41d8e26104c1770511d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1_lpia.deb
      Size/MD5:    98500 44203df14c92be6ff616d71c3843ffe4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1_powerpc.deb
      Size/MD5:   123072 bb20a39e83b5c5e80904b77abe35be0b

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13ubuntu0.1_sparc.deb
      Size/MD5:   100534 00e0b3c6fc2aed27afda7db0573b1277

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1.diff.gz
      Size/MD5:    41129 adee01388a841943dfc773e69aa7c991
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1.dsc
      Size/MD5:      902 ced28a3a9262f207bf920767f2076c9d
    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1.orig.tar.gz
      Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1_amd64.deb
      Size/MD5:   108286 fc09e3da4299f2d872307f4d560ac3fa

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1_i386.deb
      Size/MD5:    99124 80df06b6c861b4ff067b732ef7dd1714

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1_lpia.deb
      Size/MD5:    98766 8ed8a4db3d6c8e187082fc419b6f064a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1_powerpc.deb
      Size/MD5:   123398 ffad34172472d3a81afad2e4ad5b4814

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15ubuntu0.1_sparc.deb
      Size/MD5:   100092 7f5f744ffacb4f27fb1b3ebfb3c86ea2



Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ