Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New libfissound packages fix execution of arbitrary Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1584-1                                       Steve Kemp
May 21, 2008                
- ------------------------------------------------------------------------

Package        : libfishsound
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1686
Debian Bug     : 475152

It was discovered that libfishsound, a simple programming interface that
wraps Xiph.Org audio codecs, didn't correctly handle negative values in
a particular header field.  This could allow malicious files to execute
arbitrary code.

For the stable distribution (etch), this problem has been fixed in version

For the unstable distribution (sid), this problem has been fixed in
version 0.7.0-2.2.

We recommend that you upgrade your libfishsound package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:
    Size/MD5 checksum:   426487 00ece8c9a0363b37957ce670bcf270d3
    Size/MD5 checksum:      659 d72d4922c70c6bb10dff6ace5a814455
    Size/MD5 checksum:    16054 c5842b27bd7a05ef9bd26e701dfc56dc

alpha architecture (DEC Alpha)
    Size/MD5 checksum:    34582 9ef817deb3b892d9fa9f7fdc4a94e6a5
    Size/MD5 checksum:    15304 eed92cc88865ae99cc768c0a7b33019c
    Size/MD5 checksum:     7740 57cd0eae0976b9d78be65d0aeba32a3e

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    30786 64fd312521a927ceb867f63e5f4734a5
    Size/MD5 checksum:     7794 8fb36c5bdd40a8dc5c370802da6ec050
    Size/MD5 checksum:    14334 a6845973bc2f61f4783710a5797e5484

arm architecture (ARM)
    Size/MD5 checksum:    29224 35d4c9d5a750ba8dd53ba6fd5bb248df
    Size/MD5 checksum:    12462 6693b054221d19c6da6c2069466ef7dc
    Size/MD5 checksum:     7882 560e18366ae1e15d5aef32855f0ab731

hppa architecture (HP PA RISC)
    Size/MD5 checksum:    15162 68e6bc1466fcfa4d73edb3d760a9e5b8
    Size/MD5 checksum:     7802 5922374807b136070b2f002ba716807f
    Size/MD5 checksum:    31662 3c9fbc584f7942ff0ea88dd27daebbfd

i386 architecture (Intel ia32)
    Size/MD5 checksum:    29344 74a5b956c3dc3450f3da2ec91dcf2a34
    Size/MD5 checksum:    13384 559730ed3949728fc0dcf77d19a05712
    Size/MD5 checksum:     7614 c2b9b6a8343bda423068fa8965411bf6

ia64 architecture (Intel ia64)
    Size/MD5 checksum:     7832 dfc5dbc81fb32225763581dbd7c04b9b
    Size/MD5 checksum:    18426 e0adf330dba7d6cc800de96e24897ccf
    Size/MD5 checksum:    35658 671ac1c23579b0274ee4d11837ceaea1

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:     8192 d2f144651551538d9eb7364408000d93
    Size/MD5 checksum:    13568 c21ca7014120fb083d014adbb0a4b33f
    Size/MD5 checksum:    31578 4da77e051c94377ace4e567f96f22b07

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    16532 7c41c702fd586b8eea66ecc57c742829
    Size/MD5 checksum:     8742 948111077a371b6b79a6e176c8844a5b
    Size/MD5 checksum:    35456 2baa784478f106c5cf10b4eaf003db8e

powerpc architecture (PowerPC)
    Size/MD5 checksum:     8984 df70ba8da43c86923cd88c74676ef9ef
    Size/MD5 checksum:    15040 22e46a44ff17b0c1d60908cd0b61ccfc
    Size/MD5 checksum:    31074 fa6ab24dcf4e23f52a8d67dcaf56e40f

s390 architecture (IBM S/390)
    Size/MD5 checksum:    31390 04834db2f07e1ea50eb590d95bc78dcd
    Size/MD5 checksum:    14872 21e26171f0205856b65f6727a32b3edf
    Size/MD5 checksum:     7540 fdc0a47c6522993232751be26725ce3b

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:     7686 8483df0677d953b7d10335a6063635fa
    Size/MD5 checksum:    12432 8c3643ab5a8cf220343e0e583d21b947
    Size/MD5 checksum:    30008 3cf9fbcaf627dc07d64d2330b5149cce

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.