=========================================================== 
Ubuntu Security Notice USN-611-2               May 08, 2008
vorbis-tools vulnerability
CVE-2008-1686
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  vorbis-tools                    1.1.1-3ubuntu0.1

Ubuntu 7.04:
  vorbis-tools                    1.1.1-6ubuntu0.1

Ubuntu 7.10:
  vorbis-tools                    1.1.1-13ubuntu0.1

Ubuntu 8.04 LTS:
  vorbis-tools                    1.1.1-15ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for ogg123, part of vorbis-tools.

Original advisory details:

 It was discovered that Speex did not properly validate its input when
 processing Speex file headers. If a user or automated system were
 tricked into opening a specially crafted Speex file, an attacker could
 create a denial of service in applications linked against Speex or
 possibly execute arbitrary code as the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    29084 20fb2753a882cb5770c352cd957f41c1
          Size/MD5:      826 d40b247eda78ab928d2501e538c91b2d
          Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   107424 4fa2d0ff3ac663e039679bc3f947118e

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    92986 294efb535da9ff1dda7bc8d881e9d46e

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   109956 70ffe2ed8d86419387a15d77e589eef4

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:    95528 35e5d78f7b692863232e45e555da35b2

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:    31401 3c24fe5828a5790f7f724ae98467c1a7
          Size/MD5:      859 28c969727377cf6f1591c3f1e9fe5cdb
          Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   110322 d31b543e6a06d35e1b0297228660dcc1

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   100934 56c48cb1157f2644fdc8954f07630b9e

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   125222 ed7a79c193355330d500b322d6a256d0

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   102134 d0d3e30a89102d11ca88a656a5619978

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:    40975 d7e5ba00f7629c843779ec00f50831e5
          Size/MD5:      902 787ae85eff1f2533e68aa3b9377622a9
          Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   108396 79fe314fab4f5e1afe658afece63d4f9

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    99358 6a1222becc5ad41d8e26104c1770511d

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:    98500 44203df14c92be6ff616d71c3843ffe4

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   123072 bb20a39e83b5c5e80904b77abe35be0b

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   100534 00e0b3c6fc2aed27afda7db0573b1277

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    41129 adee01388a841943dfc773e69aa7c991
          Size/MD5:      902 ced28a3a9262f207bf920767f2076c9d
          Size/MD5:   950614 6b4c7fea98b2cd12bef440d42fdfb2f1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   108286 fc09e3da4299f2d872307f4d560ac3fa

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    99124 80df06b6c861b4ff067b732ef7dd1714

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:    98766 8ed8a4db3d6c8e187082fc419b6f064a

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   123398 ffad34172472d3a81afad2e4ad5b4814

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   100092 7f5f744ffacb4f27fb1b3ebfb3c86ea2

Ubuntu: vorbis-tools vulnerability

May 8, 2008
It was discovered that Speex did not properly validate its input when processing Speex file headers

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-611-2 May 08, 2008

Package Information

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved