LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: August 25th, 2014
Linux Advisory Watch: August 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New libfissound packages fix execution of arbitrary Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1584-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
May 21, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libfishsound
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1686
Debian Bug     : 475152

It was discovered that libfishsound, a simple programming interface that
wraps Xiph.Org audio codecs, didn't correctly handle negative values in
a particular header field.  This could allow malicious files to execute
arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
0.7.0-2etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.7.0-2.2.

We recommend that you upgrade your libfishsound package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound_0.7.0.orig.tar.gz
    Size/MD5 checksum:   426487 00ece8c9a0363b37957ce670bcf270d3
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound_0.7.0-2etch1.dsc
    Size/MD5 checksum:      659 d72d4922c70c6bb10dff6ace5a814455
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound_0.7.0-2etch1.diff.gz
    Size/MD5 checksum:    16054 c5842b27bd7a05ef9bd26e701dfc56dc

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_alpha.deb
    Size/MD5 checksum:    34582 9ef817deb3b892d9fa9f7fdc4a94e6a5
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_alpha.deb
    Size/MD5 checksum:    15304 eed92cc88865ae99cc768c0a7b33019c
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_alpha.deb
    Size/MD5 checksum:     7740 57cd0eae0976b9d78be65d0aeba32a3e

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_amd64.deb
    Size/MD5 checksum:    30786 64fd312521a927ceb867f63e5f4734a5
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_amd64.deb
    Size/MD5 checksum:     7794 8fb36c5bdd40a8dc5c370802da6ec050
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_amd64.deb
    Size/MD5 checksum:    14334 a6845973bc2f61f4783710a5797e5484

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_arm.deb
    Size/MD5 checksum:    29224 35d4c9d5a750ba8dd53ba6fd5bb248df
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_arm.deb
    Size/MD5 checksum:    12462 6693b054221d19c6da6c2069466ef7dc
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_arm.deb
    Size/MD5 checksum:     7882 560e18366ae1e15d5aef32855f0ab731

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_hppa.deb
    Size/MD5 checksum:    15162 68e6bc1466fcfa4d73edb3d760a9e5b8
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_hppa.deb
    Size/MD5 checksum:     7802 5922374807b136070b2f002ba716807f
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_hppa.deb
    Size/MD5 checksum:    31662 3c9fbc584f7942ff0ea88dd27daebbfd

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_i386.deb
    Size/MD5 checksum:    29344 74a5b956c3dc3450f3da2ec91dcf2a34
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_i386.deb
    Size/MD5 checksum:    13384 559730ed3949728fc0dcf77d19a05712
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_i386.deb
    Size/MD5 checksum:     7614 c2b9b6a8343bda423068fa8965411bf6

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_ia64.deb
    Size/MD5 checksum:     7832 dfc5dbc81fb32225763581dbd7c04b9b
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_ia64.deb
    Size/MD5 checksum:    18426 e0adf330dba7d6cc800de96e24897ccf
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_ia64.deb
    Size/MD5 checksum:    35658 671ac1c23579b0274ee4d11837ceaea1

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_mips.deb
    Size/MD5 checksum:     8192 d2f144651551538d9eb7364408000d93
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_mips.deb
    Size/MD5 checksum:    13568 c21ca7014120fb083d014adbb0a4b33f
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_mips.deb
    Size/MD5 checksum:    31578 4da77e051c94377ace4e567f96f22b07

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_mipsel.deb
    Size/MD5 checksum:    16532 7c41c702fd586b8eea66ecc57c742829
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_mipsel.deb
    Size/MD5 checksum:     8742 948111077a371b6b79a6e176c8844a5b
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_mipsel.deb
    Size/MD5 checksum:    35456 2baa784478f106c5cf10b4eaf003db8e

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_powerpc.deb
    Size/MD5 checksum:     8984 df70ba8da43c86923cd88c74676ef9ef
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_powerpc.deb
    Size/MD5 checksum:    15040 22e46a44ff17b0c1d60908cd0b61ccfc
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_powerpc.deb
    Size/MD5 checksum:    31074 fa6ab24dcf4e23f52a8d67dcaf56e40f

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_s390.deb
    Size/MD5 checksum:    31390 04834db2f07e1ea50eb590d95bc78dcd
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_s390.deb
    Size/MD5 checksum:    14872 21e26171f0205856b65f6727a32b3edf
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_s390.deb
    Size/MD5 checksum:     7540 fdc0a47c6522993232751be26725ce3b

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_sparc.deb
    Size/MD5 checksum:     7686 8483df0677d953b7d10335a6063635fa
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_sparc.deb
    Size/MD5 checksum:    12432 8c3643ab5a8cf220343e0e583d21b947
  http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_sparc.deb
    Size/MD5 checksum:    30008 3cf9fbcaf627dc07d64d2330b5149cce


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.