[Security Announce] [ MDKSA-2007:194 ] - Updated libvorbis packages fix vulnerabilities
Posted on: 10/11/2007 06:00 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:194
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libvorbis
Date : October 10, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

More vulnerabilities in libvorbis were found that could be used to
cause an application linked to libvorbis to crash or execute arbitrary
code if used to open a carefully crafted OGG file.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
d41be27509ec3be88b202966d4a59550 2007.0/i586/libvorbis0-1.1.2-1.2mdv2007.0.i586.rpm
e75b4f86a4c5d58f77373d50fbea8768 2007.0/i586/libvorbis0-devel-1.1.2-1.2mdv2007.0.i586.rpm
23f95877a057ba9cec80183affdbcd26 2007.0/i586/libvorbisenc2-1.1.2-1.2mdv2007.0.i586.rpm
5f32c9d9d23d2cca8814ad11c6992695 2007.0/i586/libvorbisfile3-1.1.2-1.2mdv2007.0.i586.rpm
3307e950d4b3918d358e9b82df6001cf 2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
402d3b03c86b0137011d1e46b51c5882 2007.0/x86_64/lib64vorbis0-1.1.2-1.2mdv2007.0.x86_64.rpm
f2ac23af2f02fa7ae18eff8251a7187f 2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.2mdv2007.0.x86_64.rpm
26edae58c4d13b1d3231eb5dc1560dac 2007.0/x86_64/lib64vorbisenc2-1.1.2-1.2mdv2007.0.x86_64.rpm
63e13185eeaa037dbc4fc583b85c0143 2007.0/x86_64/lib64vorbisfile3-1.1.2-1.2mdv2007.0.x86_64.rpm
3307e950d4b3918d358e9b82df6001cf 2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
f8d07dd2d52e2876abb97609b29c7dde 2007.1/i586/libvorbis0-1.1.2-1.3mdv2007.1.i586.rpm
3fec84f53226b408bba6dbd1e2cf4968 2007.1/i586/libvorbis0-devel-1.1.2-1.3mdv2007.1.i586.rpm
2901cdc64be56cb289b217ed1a05b8f1 2007.1/i586/libvorbisenc2-1.1.2-1.3mdv2007.1.i586.rpm
e98cb9e44e1f3067e1fb7d1620c5ef27 2007.1/i586/libvorbisfile3-1.1.2-1.3mdv2007.1.i586.rpm
cce00e65c8cbe511018f520bca49c6a7 2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
891d901f29fe9a1d0fd82e9b47d38122 2007.1/x86_64/lib64vorbis0-1.1.2-1.3mdv2007.1.x86_64.rpm
c6c00add1ff7bcc5e636e3ae2b4f5b30 2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.3mdv2007.1.x86_64.rpm
510934712584a9578ed4a2a946870b06 2007.1/x86_64/lib64vorbisenc2-1.1.2-1.3mdv2007.1.x86_64.rpm
c52b5f4388c30d163f57144b882b3089 2007.1/x86_64/lib64vorbisfile3-1.1.2-1.3mdv2007.1.x86_64.rpm
cce00e65c8cbe511018f520bca49c6a7 2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm

Corporate 3.0:
cb5946414ffc05264f009a2dfb5cd5a4 corporate/3.0/i586/libvorbis0-1.0.1-4.2.C30mdk.i586.rpm
b94b5dd7b09be0920ad46691550e6d5f corporate/3.0/i586/libvorbis0-devel-1.0.1-4.2.C30mdk.i586.rpm
2499e5ee054d10dea6576ecc1e5a0b47 corporate/3.0/i586/libvorbisenc2-1.0.1-4.2.C30mdk.i586.rpm
d96e79ad3fa7183463d28e0e964625cb corporate/3.0/i586/libvorbisfile3-1.0.1-4.2.C30mdk.i586.rpm
6cd5308e5450210a1bd5ef1d75be045a corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
e8702d068c5780bb74aeeead7990cf1d corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.2.C30mdk.x86_64.rpm
1839ae3b9df3a80728efefcd0d2c8924 corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.2.C30mdk.x86_64.rpm
6d503b73eb3997992a4a14686fa22bc2 corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.2.C30mdk.x86_64.rpm
1fb747fa7937daf053ede6bf3c631e6b corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.2.C30mdk.x86_64.rpm
6cd5308e5450210a1bd5ef1d75be045a corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm

Corporate 4.0:
3354475793ef4eb0489fab6cbbb66b4b corporate/4.0/i586/libvorbis0-1.1.1-1.2.20060mlcs4.i586.rpm
98795f48ac6f58fe0c085ccddbc8b013 corporate/4.0/i586/libvorbis0-devel-1.1.1-1.2.20060mlcs4.i586.rpm
ff749aafc57d36a7bea5d9911e1e0464 corporate/4.0/i586/libvorbisenc2-1.1.1-1.2.20060mlcs4.i586.rpm
f3c1ce534e434ccb18d8a20e8131f645 corporate/4.0/i586/libvorbisfile3-1.1.1-1.2.20060mlcs4.i586.rpm
a03a39326629aeac0b8089f16ac1669c corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
1fd83d033b447bbe31b382b6ef406b04 corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.2.20060mlcs4.x86_64.rpm
7277ef1839ff508bb82c7cfdabd08bbc corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.2.20060mlcs4.x86_64.rpm
85982268bb38fee83857e3d43b81e857 corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.2.20060mlcs4.x86_64.rpm
b2becf1d0654a3c7dc39d776ea06fef7 corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.2.20060mlcs4.x86_64.rpm
a03a39326629aeac0b8089f16ac1669c corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
4aeb3e14e502a4985045faa4b78a06e6 mnf/2.0/i586/libvorbis0-1.0.1-4.2.M20mdk.i586.rpm
d361415bee36020ea5b0b5fd42ccc260 mnf/2.0/i586/libvorbis0-devel-1.0.1-4.2.M20mdk.i586.rpm
7b9cf8d7bdf58bea8a77f05ffef744d3 mnf/2.0/i586/libvorbisenc2-1.0.1-4.2.M20mdk.i586.rpm
33e7c4ddc5a1cba04d0e238b2cbda192 mnf/2.0/i586/libvorbisfile3-1.0.1-4.2.M20mdk.i586.rpm
35f0157658f80c209b4bfd4557668aca mnf/2.0/SRPMS/libvorbis-1.0.1-4.2.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHDVqEmqjQ0CJFipgRAoNiAKC8sak4VviFaKGNNIkVujrmYA+PSgCcDTDI
QWEg84Lby+nroQbzWtPeWaY=
=Zvfm
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007194__updated_libvorbis_packages_fix_vulnerabilities.html)