Ubuntu: libvorbis vulnerabilities
December 1, 2008
It was discovered that libvorbis did not correctly handle certain malformed
sound files
Summary
Update Instructions
References
Severity
libvorbis vulnerabilities
Package Information
==========================================================Ubuntu Security Notice USN-682-1 December 01, 2008
libvorbis vulnerabilities
CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libvorbis0a 1.1.2-0ubuntu2.3
Ubuntu 7.10:
libvorbis0a 1.2.0.dfsg-1ubuntu0.1
Ubuntu 8.04 LTS:
libvorbis0a 1.2.0.dfsg-2ubuntu0.1
After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.
Details follow:
It was discovered that libvorbis did not correctly handle certain malformed
sound files. If a user were tricked into opening a specially crafted sound
file with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 11735 23f3260732f1b61563011034bf9aff5a
Size/MD5: 706 0758a89dc0616697d3cb128b0f42e475
Size/MD5: 1316434 37847626b8e1b53ae79a34714c7b3211
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 487988 6ac00dab1115b85c27189621c06c008f
Size/MD5: 101856 0c92f61c2c777cce1d5277ed840fffcc
Size/MD5: 100908 78d05f9a2670e1a87740c9cc629782fd
Size/MD5: 18646 4df2145dff94106c81ee2fcac873a75b
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 469316 1f9bdb104c24279d1c92c363640afce1
Size/MD5: 96240 844260578e93b48388975720d845c033
Size/MD5: 82932 6c614ab9888672510e947f1d246db071
Size/MD5: 19584 a206c9c5fb541f709fd4a4dce8c606ca
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 503692 f929a9177343adbf367e74c0ea5cbee7
Size/MD5: 106230 f01391134bebdff866c694f14b8be256
Size/MD5: 86804 5d328592302bc7d23742c0d32d3322f4
Size/MD5: 22616 921a35c6e272fd4c00a8ed82d2855aca
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 478580 e7b9e3d3444aa9b2516e2de383ad0212
Size/MD5: 99560 c7a45c44998fff502735a1a555c533ef
Size/MD5: 84760 b12349cd58f4c20dd510f7bc4018ceba
Size/MD5: 19434 2865e544cff32fffeb9e5b91d2d9f5b9
Updated packages for Ubuntu 7.10:
Source archives:
Size/MD5: 6803 eba88f0d5ed7e99f23c390ac5b061aa6
Size/MD5: 936 0afaeb24889965a41966dbce3d9bd8e6
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 475590 7a6503ea10ce1550dfa80f4d3cce5fb3
Size/MD5: 104288 0c60601a0a2b44caf7789c6d4a20965e
Size/MD5: 94172 f617ece4bdf424c66614e1ed29e1e3b0
Size/MD5: 19202 a1831a3dd4389bff251d4aa9a127a80e
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 455008 d98ab2c958d7ab2afaefed5084cf7d57
Size/MD5: 99594 0fd621c1950703339239f5aed7f4c805
Size/MD5: 75998 3843a868a9bfc8f330270e5ea966b753
Size/MD5: 20064 a69d1699effba03d8de9b98ddbcb9748
lpia architecture (Low Power Intel Architecture):
Size/MD5: 457286 030878c8e2394ce9ecd92c03de803098
Size/MD5: 100054 68f25494c3ec5217af8263d60b67915b
Size/MD5: 76134 68219cdf66ec0aa276c695fface59427
Size/MD5: 19900 8e45f8dc189f83d860066975e178712e
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 484714 a6c8845587f6a2b27e054dac925340b3
Size/MD5: 109326 dced4c6926117ed364d36b83ebc5722a
Size/MD5: 83698 6f2af6040278913dae5e595fbe2de6c1
Size/MD5: 23756 4f74ee6f4f17466807770592e4cc1262
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 462312 f378e16a892a6613391579ebd78a1cb8
Size/MD5: 100548 fa60ade69e538ab433a4f29c39d47626
Size/MD5: 80566 992176befcc1e4b0f5c9e8623446d388
Size/MD5: 19260 42b606b63d8d534776b805cd089e7208
Updated packages for Ubuntu 8.04 LTS:
Source archives:
Size/MD5: 6859 229d235964b97a77019007f465e6be12
Size/MD5: 936 cb80528452572db8df019ee48022bfec
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 474602 019214230eddd04a756dcd6eb206f4d5
Size/MD5: 103554 105de05b983d65a404f60af6eea67e68
Size/MD5: 94216 c6c2e356c2dc96d4af547fb2a1dd5b34
Size/MD5: 18928 82c4d54a4f30c7e41da333543e2d1370
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 455286 75d65fe98e008eb426c47822221b8903
Size/MD5: 98426 3d03860f8b0271c7f04e5eb5681800b9
Size/MD5: 76012 2190470c51c85850e153416e10cb9583
Size/MD5: 19782 943c8d8a7b3cbface595f47b87d4129e
lpia architecture (Low Power Intel Architecture):
Size/MD5: 457272 6b6c65e2e8a4883c567723a31c970909
Size/MD5: 99072 af5d515bb4159f811df31789606cf6fa
Size/MD5: 76154 39f582ff09a3e43c6690ece11c1272de
Size/MD5: 19778 2482fd35cdcfaf93af997a11f2277859
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 484204 128ddaebf7ab8c95288de20b309b7b39
Size/MD5: 108516 a15c110e58da00ce9e851f8f04909673
Size/MD5: 83532 be00dcbd1f6a209ff7e59669ea3bcf33
Size/MD5: 23644 d07be5c602f3714cf0701226fef5bfa4
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 461822 9396b9f159e3e96ce44c140f02dcf3cb
Size/MD5: 99428 8dbbaf70afa928a5d2407d1eef3b1922
Size/MD5: 80484 e5592f1cd6297a630fd7358d6c88c82e
Size/MD5: 19054 66c63c0e4024661e9d905b22862450c5
