lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NiYSG-0003e9-Vh@titan.mandriva.com>
Date: Fri, 19 Feb 2010 20:24:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:043 ] libtheora


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:043
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtheora
 Date    : February 19, 2010
 Affected: 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability have been discovered and corrected in libtheora:
 
 Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows
 remote attackers to cause a denial of service (application crash)
 or possibly execute arbitrary code via a video with large dimensions
 (CVE-2009-3389).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 d0e867e4e25b4b789e5cdd32d5839ca6  2009.0/i586/libtheora0-1.0-0.beta3.2.1mdv2009.0.i586.rpm
 34c99cc3b86fe3e907d9081a7180661e  2009.0/i586/libtheoradec1-1.0-0.beta3.2.1mdv2009.0.i586.rpm
 e3b93763dc4b2b60dbfa2e742e9f7594  2009.0/i586/libtheora-devel-1.0-0.beta3.2.1mdv2009.0.i586.rpm
 de9ca7c7ddf8d5eb4cfcd45a09cf9595  2009.0/i586/libtheoraenc1-1.0-0.beta3.2.1mdv2009.0.i586.rpm 
 9bf2d88ba69041cfe697dc1628d7d9f3  2009.0/SRPMS/libtheora-1.0-0.beta3.2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c6e4b2eda4169e03037327745b1df1e9  2009.0/x86_64/lib64theora0-1.0-0.beta3.2.1mdv2009.0.x86_64.rpm
 57d6dce86edc17131ac6fa95fdd8b3eb  2009.0/x86_64/lib64theoradec1-1.0-0.beta3.2.1mdv2009.0.x86_64.rpm
 f97adc7a0af2a73d9e01869eaaf7e2d3  2009.0/x86_64/lib64theora-devel-1.0-0.beta3.2.1mdv2009.0.x86_64.rpm
 80ae795779eea976f4dbd86c877b6fdc  2009.0/x86_64/lib64theoraenc1-1.0-0.beta3.2.1mdv2009.0.x86_64.rpm 
 9bf2d88ba69041cfe697dc1628d7d9f3  2009.0/SRPMS/libtheora-1.0-0.beta3.2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 48a5e1e01c199da61524665735baa348  2009.1/i586/libtheora0-1.0-2.1mdv2009.1.i586.rpm
 3f0cc15ffc144c26370b1d668e6c741f  2009.1/i586/libtheoradec1-1.0-2.1mdv2009.1.i586.rpm
 5b2c33714f77feb2cdb26c6c3f94a449  2009.1/i586/libtheora-devel-1.0-2.1mdv2009.1.i586.rpm
 4d91733d11aac7bcac9040e2847da58a  2009.1/i586/libtheoraenc1-1.0-2.1mdv2009.1.i586.rpm 
 6551546356f01d076af784a476639abe  2009.1/SRPMS/libtheora-1.0-2.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 7873f3c1cc6c317c35f7ce06909c0b31  2009.1/x86_64/lib64theora0-1.0-2.1mdv2009.1.x86_64.rpm
 3c88506b5db69a6b5db667d77a3a9815  2009.1/x86_64/lib64theoradec1-1.0-2.1mdv2009.1.x86_64.rpm
 57c250186e12cdf8288d86a3dbe9653a  2009.1/x86_64/lib64theora-devel-1.0-2.1mdv2009.1.x86_64.rpm
 30f45754e42ef9a27b5324d9107916af  2009.1/x86_64/lib64theoraenc1-1.0-2.1mdv2009.1.x86_64.rpm 
 6551546356f01d076af784a476639abe  2009.1/SRPMS/libtheora-1.0-2.1mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 157f767d89a1a3a235ff0193791b46d6  mes5/i586/libtheora0-1.0-0.beta3.2.1mdvmes5.i586.rpm
 29282becb9dd7eb1f13ed986a57b21d0  mes5/i586/libtheoradec1-1.0-0.beta3.2.1mdvmes5.i586.rpm
 73b740ca6290deab54bd5ff3e37ca6d7  mes5/i586/libtheora-devel-1.0-0.beta3.2.1mdvmes5.i586.rpm
 7fdae6488b2573a58038b86fa7bc71aa  mes5/i586/libtheoraenc1-1.0-0.beta3.2.1mdvmes5.i586.rpm 
 7e3e68726c181adef49bb4c3347b5e53  mes5/SRPMS/libtheora-1.0-0.beta3.2.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 273544d3b697ed79eb62a8857c12f0a0  mes5/x86_64/lib64theora0-1.0-0.beta3.2.1mdvmes5.x86_64.rpm
 a6be3b5eba73e091771cf8533fa6ab08  mes5/x86_64/lib64theoradec1-1.0-0.beta3.2.1mdvmes5.x86_64.rpm
 28ea0c309ff23a612e90e5ab2ee90f88  mes5/x86_64/lib64theora-devel-1.0-0.beta3.2.1mdvmes5.x86_64.rpm
 cf1ba4a59a2bb729b885652cb11f74f3  mes5/x86_64/lib64theoraenc1-1.0-0.beta3.2.1mdvmes5.x86_64.rpm 
 7e3e68726c181adef49bb4c3347b5e53  mes5/SRPMS/libtheora-1.0-0.beta3.2.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLfrgbmqjQ0CJFipgRAgHiAJ0ZJRgNurGOwe+Cu4EIVChdz/a47ACeJE0W
cpn+v8nuoEUdvq7lYpfFU4E=
=5dbs
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ