LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libvorbis vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
===========================================================
Ubuntu Security Notice USN-682-1          December 01, 2008
libvorbis vulnerabilities
CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libvorbis0a                     1.1.2-0ubuntu2.3

Ubuntu 7.10:
  libvorbis0a                     1.2.0.dfsg-1ubuntu0.1

Ubuntu 8.04 LTS:
  libvorbis0a                     1.2.0.dfsg-2ubuntu0.1

After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

Details follow:

It was discovered that libvorbis did not correctly handle certain malformed
sound files. If a user were tricked into opening a specially crafted sound
file with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.1.2-0ubuntu2.3.diff.gz
      Size/MD5:    11735 23f3260732f1b61563011034bf9aff5a
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.1.2-0ubuntu2.3.dsc
      Size/MD5:      706 0758a89dc0616697d3cb128b0f42e475
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.1.2.orig.tar.gz
      Size/MD5:  1316434 37847626b8e1b53ae79a34714c7b3211

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:   487988 6ac00dab1115b85c27189621c06c008f
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:   101856 0c92f61c2c777cce1d5277ed840fffcc
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:   100908 78d05f9a2670e1a87740c9cc629782fd
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_amd64.deb
      Size/MD5:    18646 4df2145dff94106c81ee2fcac873a75b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:   469316 1f9bdb104c24279d1c92c363640afce1
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:    96240 844260578e93b48388975720d845c033
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:    82932 6c614ab9888672510e947f1d246db071
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_i386.deb
      Size/MD5:    19584 a206c9c5fb541f709fd4a4dce8c606ca

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:   503692 f929a9177343adbf367e74c0ea5cbee7
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:   106230 f01391134bebdff866c694f14b8be256
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:    86804 5d328592302bc7d23742c0d32d3322f4
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_powerpc.deb
      Size/MD5:    22616 921a35c6e272fd4c00a8ed82d2855aca

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:   478580 e7b9e3d3444aa9b2516e2de383ad0212
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:    99560 c7a45c44998fff502735a1a555c533ef
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:    84760 b12349cd58f4c20dd510f7bc4018ceba
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.1.2-0ubuntu2.3_sparc.deb
      Size/MD5:    19434 2865e544cff32fffeb9e5b91d2d9f5b9

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-1ubuntu0.1.diff.gz
      Size/MD5:     6803 eba88f0d5ed7e99f23c390ac5b061aa6
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-1ubuntu0.1.dsc
      Size/MD5:      936 0afaeb24889965a41966dbce3d9bd8e6
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
      Size/MD5:  1477935 3c7fff70c0989ab3c1c85366bf670818

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:   475590 7a6503ea10ce1550dfa80f4d3cce5fb3
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:   104288 0c60601a0a2b44caf7789c6d4a20965e
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:    94172 f617ece4bdf424c66614e1ed29e1e3b0
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_amd64.deb
      Size/MD5:    19202 a1831a3dd4389bff251d4aa9a127a80e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:   455008 d98ab2c958d7ab2afaefed5084cf7d57
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:    99594 0fd621c1950703339239f5aed7f4c805
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:    75998 3843a868a9bfc8f330270e5ea966b753
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_i386.deb
      Size/MD5:    20064 a69d1699effba03d8de9b98ddbcb9748

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:   457286 030878c8e2394ce9ecd92c03de803098
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:   100054 68f25494c3ec5217af8263d60b67915b
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:    76134 68219cdf66ec0aa276c695fface59427
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_lpia.deb
      Size/MD5:    19900 8e45f8dc189f83d860066975e178712e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:   484714 a6c8845587f6a2b27e054dac925340b3
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:   109326 dced4c6926117ed364d36b83ebc5722a
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:    83698 6f2af6040278913dae5e595fbe2de6c1
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_powerpc.deb
      Size/MD5:    23756 4f74ee6f4f17466807770592e4cc1262

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:   462312 f378e16a892a6613391579ebd78a1cb8
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:   100548 fa60ade69e538ab433a4f29c39d47626
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:    80566 992176befcc1e4b0f5c9e8623446d388
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-1ubuntu0.1_sparc.deb
      Size/MD5:    19260 42b606b63d8d534776b805cd089e7208

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.1.diff.gz
      Size/MD5:     6859 229d235964b97a77019007f465e6be12
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.1.dsc
      Size/MD5:      936 cb80528452572db8df019ee48022bfec
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
      Size/MD5:  1477935 3c7fff70c0989ab3c1c85366bf670818

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:   474602 019214230eddd04a756dcd6eb206f4d5
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:   103554 105de05b983d65a404f60af6eea67e68
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:    94216 c6c2e356c2dc96d4af547fb2a1dd5b34
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_amd64.deb
      Size/MD5:    18928 82c4d54a4f30c7e41da333543e2d1370

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:   455286 75d65fe98e008eb426c47822221b8903
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:    98426 3d03860f8b0271c7f04e5eb5681800b9
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:    76012 2190470c51c85850e153416e10cb9583
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_i386.deb
      Size/MD5:    19782 943c8d8a7b3cbface595f47b87d4129e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:   457272 6b6c65e2e8a4883c567723a31c970909
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:    99072 af5d515bb4159f811df31789606cf6fa
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:    76154 39f582ff09a3e43c6690ece11c1272de
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_lpia.deb
      Size/MD5:    19778 2482fd35cdcfaf93af997a11f2277859

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:   484204 128ddaebf7ab8c95288de20b309b7b39
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:   108516 a15c110e58da00ce9e851f8f04909673
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:    83532 be00dcbd1f6a209ff7e59669ea3bcf33
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_powerpc.deb
      Size/MD5:    23644 d07be5c602f3714cf0701226fef5bfa4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:   461822 9396b9f159e3e96ce44c140f02dcf3cb
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:    99428 8dbbaf70afa928a5d2407d1eef3b1922
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:    80484 e5592f1cd6297a630fd7358d6c88c82e
    http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.1_sparc.deb
      Size/MD5:    19054 66c63c0e4024661e9d905b22862450c5



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.