LinuxSecurity.com
Ubuntu: libvorbis vulnerabilities
Posted by Benjamin D. Thomas
David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user's privileges.
=========================================================== 
Ubuntu Security Notice USN-498-1            August 16, 2007
libvorbis vulnerabilities
CVE-2007-3106, CVE-2007-4029
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libvorbis0a                              1.1.2-0ubuntu2.2

Ubuntu 6.10:
  libvorbis0a                              1.1.2-1ubuntu1.2

Ubuntu 7.04:
  libvorbis0a                              1.1.2.dfsg-1.2ubuntu2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

David Thiel discovered that libvorbis did not correctly verify the size
of certain headers, and did not correctly clean up a broken stream.
If a user were tricked into processing a specially crafted Vorbis stream,
a remote attacker could execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:



 