- ------------------------------------------------------------------------Debian Security Advisory DSA-1591-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
June 03, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : libvorbis
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
Debian Bug     : 482518

Several local (remote) vulnerabilities have been discovered in libvorbis,
a library for the Vorbis general-purpose compressed audio codec. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-1419

    libvorbis does not properly handle a zero value which allows remote
    attackers to cause a denial of service (crash or infinite loop) or
    trigger an integer overflow.

CVE-2008-1420

    Integer overflow in libvorbis allows remote attackers to execute
    arbitrary code via a crafted OGG file, which triggers a heap overflow.

CVE-2008-1423

    Integer overflow in libvorbis allows remote attackers to cause a denial
    of service (crash) or execute arbitrary code via a crafted OGG file
    which triggers a heap overflow.

For the stable distribution (etch), these problems have been fixed in version
1.1.2.dfsg-1.4.

For the unstable distribution (sid), these problems have been fixed in
version 1.2.0.dfsg-3.1. 

We recommend that you upgrade your libvorbis package.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------Source archives:

      Size/MD5 checksum:      787 2f0bfd28fb368c43c56332e7de7a2e3d
      Size/MD5 checksum:  1312540 44cf09fef7f78e7c6ba7dd63b6137412
      Size/MD5 checksum:    15782 62527e6adcff1dca42018a0252b19b91

alpha architecture (DEC Alpha)

      Size/MD5 checksum:    94500 edb2728b48cd6fc0357f62a7dc8fca5c
      Size/MD5 checksum:   110468 8273babee8a08c373671b468469b2ede
      Size/MD5 checksum:    19202 925dfba3f212e8b69c760c433b119716
      Size/MD5 checksum:   494958 0052fe78f4be43cb9a7f42ea2b25f7fe

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:    17790 f49da89a8b972614687f3a5e2f6c5bac
      Size/MD5 checksum:    93498 241499415b96f3e348d1ec9c66a45981
      Size/MD5 checksum:   101508 63e1e8392876a822dc664e21b19e0185
      Size/MD5 checksum:   468670 8c6c80eb7b8e7f8b49be1447357ebce1

arm architecture (ARM)

      Size/MD5 checksum:    75744 03dad28341cde24fbbfd20444bf346c2
      Size/MD5 checksum:    18528 508cb939f65a367447c44add9dd8c11a
      Size/MD5 checksum:    98190 a09c2d3021f7b9d2d9b2bf04b2d30957
      Size/MD5 checksum:   458578 6dcadbb28c56a0a9368bfcd67b28d3fa

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   483196 0435784553fb2b9c08c915da58c3c7e1
      Size/MD5 checksum:    21978 6ade3e3b040f8e01c4fe023df6faf2de
      Size/MD5 checksum:   108084 7d263ee14d29b787b0f32710ae2bffdf
      Size/MD5 checksum:    92430 72180513d203103e56e4929ca6da035f

i386 architecture (Intel ia32)

      Size/MD5 checksum:   453652 55bc31f817b6806d19d8f0696cc288cd
      Size/MD5 checksum:    18884 5d4f1bccf5efa0d5ba5767b49f97d253
      Size/MD5 checksum:    75346 f11509bd2b430f8be62706a13748d6bc
      Size/MD5 checksum:    98176 d5b46716c8ab083b9c00b523a73a81b9

ia64 architecture (Intel ia64)

      Size/MD5 checksum:    98022 dabf436427e867a81074bdca0c53ef6e
      Size/MD5 checksum:   510180 1c4e1c58e7d63f10ff7efaf3a6555f46
      Size/MD5 checksum:    24700 8dadf685db0738f52c4b47420eff588a
      Size/MD5 checksum:   136046 b5d657cad9154915f0a9c0779e68cf1c

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   104986 3d6d14fff3621ed344e88e7bb57ae627
      Size/MD5 checksum:    81588 e776156e4d5647f0aa591ea8b01d3aad
      Size/MD5 checksum:    20946 5f5eca06d6b715087a4298d2db944fcf
      Size/MD5 checksum:   479286 4a9404dab651fd387901d6eb223bd835

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:    76982 63638be1a06154fa1126e5be3a4ac95e
      Size/MD5 checksum:   469086 9c31f061ab04690bf52876821a9383ea
      Size/MD5 checksum:    20944 5f59636c00cbe76590ac1ef23235cd8d
      Size/MD5 checksum:   104948 be1bf5fd730d239f5cd62a92cd4b75e4

powerpc architecture (PowerPC)

      Size/MD5 checksum:   105760 ba397af813b092de9bea72accb46db4b
      Size/MD5 checksum:    21394 7e12a198ce7bed6922d20da108e5bad5
      Size/MD5 checksum:    82558 1299949b45c3a6fdba4fa64fcf48dc53
      Size/MD5 checksum:   475206 7cda1ebdffc9b47d90efa594bea5d5b8

s390 architecture (IBM S/390)

      Size/MD5 checksum:   452736 403af241544bf4fd66f4993003f0f192
      Size/MD5 checksum:    90546 f2f4a9e7410b946b91c4d44cef18f5af
      Size/MD5 checksum:   102548 ad43cb11ddff398ee0a83ded1a024321
      Size/MD5 checksum:    20920 7ffdc1f9962394073efae81356780428

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:    98252 fad4afe3566e986fe819a0fff6a2376e
      Size/MD5 checksum:   453410 ce3775bb59d55b9ba7e34469225e0d20
      Size/MD5 checksum:    17888 4eaf8a0cfd4f3b1c6f8332ccf1bf6ef4
      Size/MD5 checksum:    79796 57795226ac31a7b5bf7793e4e14dc89a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New libvorbis packages fix several vulnerabilities

June 3, 2008
libvorbis does not properly handle a zero value which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. ...

Summary

Severity

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved