what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.167

Mandriva Linux Security Advisory 2007.167
Posted Aug 20, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2007-3106, CVE-2007-4029
SHA-256 | 2a84deee1c87a340c848a8dee55fb79a9600e63608ef2b7655ad0d42cfc1ac6d
Download | Favorite | View

Mandriva Linux Security Advisory 2007.167

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:167
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libvorbis
 Date    : August 18, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 David Thiel discovered that libvorbis did not correctly verify the size
 of certain headers, and did not correctly clean up a broken stream.
 If a user were tricked into processing a specially crafted Vorbis
 stream, a remote attacker could possibly cause a denial of service
 or execute arbitrary code with the user's privileges.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 0bfa4cc649993f774280778e3c58495f  2007.0/i586/libvorbis0-1.1.2-1.1mdv2007.0.i586.rpm
 4b030b008428afe795321c7420952618  2007.0/i586/libvorbis0-devel-1.1.2-1.1mdv2007.0.i586.rpm
 4041c5cc0add74ccb124aa15aa218592  2007.0/i586/libvorbisenc2-1.1.2-1.1mdv2007.0.i586.rpm
 c58d053da7865572f41c18441c8c56d1  2007.0/i586/libvorbisfile3-1.1.2-1.1mdv2007.0.i586.rpm 
 15bad7c2b4bf8bdf8e6bcee7847111e4  2007.0/SRPMS/libvorbis-1.1.2-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 757ee33c7b37949c73409d35439b468a  2007.0/x86_64/lib64vorbis0-1.1.2-1.1mdv2007.0.x86_64.rpm
 1312680e091c8253b2fb4eebdd8a43e2  2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.1mdv2007.0.x86_64.rpm
 3fde1e05260a803dcbf7c3cd99327678  2007.0/x86_64/lib64vorbisenc2-1.1.2-1.1mdv2007.0.x86_64.rpm
 30d835e56cd104b267637d746cd21dcd  2007.0/x86_64/lib64vorbisfile3-1.1.2-1.1mdv2007.0.x86_64.rpm 
 15bad7c2b4bf8bdf8e6bcee7847111e4  2007.0/SRPMS/libvorbis-1.1.2-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 338c7cd9a41b58f2a67314752d6fc78f  2007.1/i586/libvorbis0-1.1.2-1.1mdv2007.1.i586.rpm
 a874c420d346f1f93a25c57d7b44de68  2007.1/i586/libvorbis0-devel-1.1.2-1.1mdv2007.1.i586.rpm
 c356eb38131c845d4bc0b7467058f489  2007.1/i586/libvorbisenc2-1.1.2-1.1mdv2007.1.i586.rpm
 b5be4af1bce5579c8b13eef29741230a  2007.1/i586/libvorbisfile3-1.1.2-1.1mdv2007.1.i586.rpm 
 19c41a0b80895c32ef4cfcfad049a90f  2007.1/SRPMS/libvorbis-1.1.2-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 bd4d2ae801b03613e04791c995bf3afc  2007.1/x86_64/lib64vorbis0-1.1.2-1.1mdv2007.1.x86_64.rpm
 f8f29239115bf2a0dcd6efd4320f3d7a  2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.1mdv2007.1.x86_64.rpm
 9b06895406cc6132e177388b99a876ba  2007.1/x86_64/lib64vorbisenc2-1.1.2-1.1mdv2007.1.x86_64.rpm
 777b438ea72926805deaf657f578530d  2007.1/x86_64/lib64vorbisfile3-1.1.2-1.1mdv2007.1.x86_64.rpm 
 19c41a0b80895c32ef4cfcfad049a90f  2007.1/SRPMS/libvorbis-1.1.2-1.1mdv2007.1.src.rpm

 Corporate 3.0:
 2ab561a46d55e28a1f5c78b71fc67626  corporate/3.0/i586/libvorbis0-1.0.1-4.1.C30mdk.i586.rpm
 bf0210f58ecacfbacf36347770e13eba  corporate/3.0/i586/libvorbis0-devel-1.0.1-4.1.C30mdk.i586.rpm
 588ed731da2fa7fa47440576f604be6a  corporate/3.0/i586/libvorbisenc2-1.0.1-4.1.C30mdk.i586.rpm
 3b08dea676c8a4b48a950fc7dba02318  corporate/3.0/i586/libvorbisfile3-1.0.1-4.1.C30mdk.i586.rpm 
 c6d49fda4888842c50f3ba37d02ad9b4  corporate/3.0/SRPMS/libvorbis-1.0.1-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 86c34e72a62eabd0b6bbad34e5bb558f  corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.1.C30mdk.x86_64.rpm
 9c873a72c1664175601e48bb01394876  corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.1.C30mdk.x86_64.rpm
 c4cbbd31f9f5936a16c314cd4e9581ad  corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.1.C30mdk.x86_64.rpm
 84b8992786ba2df54fef7077d65207ab  corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.1.C30mdk.x86_64.rpm 
 c6d49fda4888842c50f3ba37d02ad9b4  corporate/3.0/SRPMS/libvorbis-1.0.1-4.1.C30mdk.src.rpm

 Corporate 4.0:
 cc5f37360738c420d865218ab7ec031d  corporate/4.0/i586/libvorbis0-1.1.1-1.1.20060mlcs4.i586.rpm
 63111af08666d8b1f8468c86b78361cc  corporate/4.0/i586/libvorbis0-devel-1.1.1-1.1.20060mlcs4.i586.rpm
 0cc2a1d3a5ffafdde1b6a2ae85e0cd73  corporate/4.0/i586/libvorbisenc2-1.1.1-1.1.20060mlcs4.i586.rpm
 2b0d86648b8efef6ca39c1675826c43b  corporate/4.0/i586/libvorbisfile3-1.1.1-1.1.20060mlcs4.i586.rpm 
 8bfecd42db5df1e0588b8ccc115e930b  corporate/4.0/SRPMS/libvorbis-1.1.1-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0f94de4c3754192f2cfda8a8b511835e  corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.1.20060mlcs4.x86_64.rpm
 3fdd695420f2acde7bdaa0a2173c3fd8  corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.1.20060mlcs4.x86_64.rpm
 fbcb89b53aff9a67adec4287ef4a1ef2  corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.1.20060mlcs4.x86_64.rpm
 2d6810940ebd6a3434d39f5aa6a5297e  corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.1.20060mlcs4.x86_64.rpm 
 8bfecd42db5df1e0588b8ccc115e930b  corporate/4.0/SRPMS/libvorbis-1.1.1-1.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 44164718fd13aea9c3a9b36b69b8727c  mnf/2.0/i586/libvorbis0-1.0.1-4.1.M20mdk.i586.rpm
 cf62f0f3376bcddb3d025d16238ff1d9  mnf/2.0/i586/libvorbis0-devel-1.0.1-4.1.M20mdk.i586.rpm
 d62687627f764d222afc1a3bc2ecc1c3  mnf/2.0/i586/libvorbisenc2-1.0.1-4.1.M20mdk.i586.rpm
 07d320206547edc9834f290c06818419  mnf/2.0/i586/libvorbisfile3-1.0.1-4.1.M20mdk.i586.rpm 
 f27ea3b094bb95cc9f03e444d193dd77  mnf/2.0/SRPMS/libvorbis-1.0.1-4.1.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGx2aVmqjQ0CJFipgRAnEAAKCEuiw4gdnlPnywk27GOQ45zkSq0wCgvn6Q
+m+DVZ4AzY2XGNFCKcnIdo4=
=4/Uh
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close