Secunia Security Advisory 37411

Secunia Security Advisory 37411: Posted Nov 25, 2009; Authored by Secunia | Site secunia.com; Secunia Security Advisory - Ubuntu has issued an update for libvorbis. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using this library.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; SHA-256 | 2c993ce046bd3ff7656a7d84d7e91b00093f3ec1e2b6ec63ec25d322246300fe; Download | Favorite | View

Secunia Security Advisory 37411

----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Ubuntu update for libvorbis

SECUNIA ADVISORY ID:
SA37411

VERIFY ADVISORY:
http://secunia.com/advisories/37411/

DESCRIPTION:
Ubuntu has issued an update for libvorbis.  This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) or potentially compromise an application
using this library.

For more information:
SA36711

SOLUTION:
Apply updated packages.

-- Ubuntu 8.04 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.3.diff.gz
Size/MD5: 12991 d7ac1cea7fd18471b0366844c4f2d434
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-2ubuntu0.3.dsc
Size/MD5: 937 b9ab7e79ef09dbe4cc523245a179853c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_amd64.deb
Size/MD5: 476030 a96358bb558f637d96a4354101f9bb2c
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_amd64.deb
Size/MD5: 104488 5463be3057e6f7e8db31b1acf3c8502d
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_amd64.deb
Size/MD5: 94894 2c21a6d370070b7d12bed48f96036463
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_amd64.deb
Size/MD5: 19630 a5a80fc2df2729b88590addfe3982cfb

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_i386.deb
Size/MD5: 456398 9e41b7ea54511a6b6127c5c643eddb1e
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_i386.deb
Size/MD5: 99448 ffc9abdb63cc0312fef0566473f4c13d
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_i386.deb
Size/MD5: 76726 8dc17f35d4699557bff77dc8a2673de8
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_i386.deb
Size/MD5: 20402 cc111d8b13c33c5b03a364b0d1bb95d1

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_lpia.deb
Size/MD5: 458366 c2d4e954201ef68cc3d241a7dda3ea93
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_lpia.deb
Size/MD5: 100038 b371e7f6d202b427614a656cd618e407
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_lpia.deb
Size/MD5: 76912 b219d40cdaadb9aa368b4e3449a0de0b
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_lpia.deb
Size/MD5: 20406 cc10625815d7cb3516ad3e2e7325e7f8

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_powerpc.deb
Size/MD5: 485154 86ff174f93f9000e89aa84ae7ba8e702
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_powerpc.deb
Size/MD5: 109396 5e52e396225668911249ad4840ba89d2
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_powerpc.deb
Size/MD5: 84090 053277cac971a8dd5854b25bc82f1275
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_powerpc.deb
Size/MD5: 24256 7b644a68479f137d1c31cb7bc6e11239

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-2ubuntu0.3_sparc.deb
Size/MD5: 462624 43611553a9ff71736ad1829ee2d48ee6
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-2ubuntu0.3_sparc.deb
Size/MD5: 100454 5d94a781fafacdb33752fbe8c687f4a6
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-2ubuntu0.3_sparc.deb
Size/MD5: 81230 e7c3fcb35cd9f255af91fb850fce7718
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-2ubuntu0.3_sparc.deb
Size/MD5: 19678 5c6725ecf7ad2f5697ddd80ec7181d99

-- Ubuntu 8.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.diff.gz
Size/MD5: 14099 3b381e5b9d4ff995371549d0f4049b17
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.8.10.2.dsc
Size/MD5: 1391 f693d0a5b8d382d11eafee3eeaec74b5
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb
Size/MD5: 479892 fa93b658c3490a316a40440d66791937
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb
Size/MD5: 109252 ef6627a20fb4892a1069ded79fe379be
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb
Size/MD5: 96200 4fe223431c6c290695ae9c27fac0966a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_amd64.deb
Size/MD5: 20768 cb51f1c14be4d5bd735bc2ac74c4084f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb
Size/MD5: 460236 8d03a67ad77c3065462e07bfac250e79
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb
Size/MD5: 102638 29966392d03df0d2523aa3177434a158
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb
Size/MD5: 77906 10ad5e56f23d2b8f4ebb385df163b676
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_i386.deb
Size/MD5: 21822 877561be88e24e6de4874c393257ba62

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb
Size/MD5: 462006 8e817bd23febab8094cd11e99864bc92
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb
Size/MD5: 103306 3d377b2b715e457858f7a3afa72e3a34
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb
Size/MD5: 78054 87197ab70eab21d293d06a03b925a30a
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_lpia.deb
Size/MD5: 21654 916bdeadfed79e9521fc44c10f414f23

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb
Size/MD5: 491454 62a722a76f9169182787e6646a01549b
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb
Size/MD5: 115404 d951d55225968eebf9464d18f6faab2f
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb
Size/MD5: 85524 cb9fa0eff43344cbcd177c44455ca863
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_powerpc.deb
Size/MD5: 25540 6252523c4b9cb8e91af913dfa94a4509

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb
Size/MD5: 465890 7bb9b029adab1877f2ae9b66ad650da6
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb
Size/MD5: 105036 b5efdeab1f1ae5bf0f68032fae4de733
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb
Size/MD5: 82522 217424eb3438493636c8e2e2e947a951
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.8.10.2_sparc.deb
Size/MD5: 21210 fe7a01c235dcde80427cdc1c4218c650

-- Ubuntu 9.04 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.diff.gz
Size/MD5: 14106 806c51558b40e8a0173258e322126dfc
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1ubuntu0.9.04.2.dsc
Size/MD5: 1391 8237287820fda9e5caaf1645917012a9
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb
Size/MD5: 479954 ed840c38ac73f07d2594485992810cf3
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb
Size/MD5: 109254 fa9ecb0116a031ea24c068f7c104a6c5
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb
Size/MD5: 96190 92cce557b7dc8367962bd71f5d2e16ed
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_amd64.deb
Size/MD5: 20752 b092b5312c1fdc3ca3b68efb67c6d788

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb
Size/MD5: 460350 dcab6f09451ee399e6c3718fd7a290b4
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb
Size/MD5: 102774 c0294bc33be421dc97b5a41f0962a305
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb
Size/MD5: 77908 4f631989517676b33426d8196ce86089
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_i386.deb
Size/MD5: 21798 fd715839d6a485a560dc4ba3d6bd25f9

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb
Size/MD5: 462086 df504130bd6ba53055514188ae319608
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb
Size/MD5: 103382 81883010e7f156576925e34ee1bf3650
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb
Size/MD5: 78050 4b0c1e4270759a4ebb0a4a3b3e819921
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_lpia.deb
Size/MD5: 21628 f598818f8da06a03e82811d325a0d6aa

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb
Size/MD5: 491462 de9941dcdf7fbcce2ce1771157283b41
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb
Size/MD5: 115408 bf40900dd80d91fc9ba0da14079ba8ba
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb
Size/MD5: 85526 476aadeedd5fe54e094dd754eaf67a1a
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_powerpc.deb
Size/MD5: 25534 2ce93cbcb6112d91c6b9099cb1f750ce

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb
Size/MD5: 465896 ab3725414d6572e1d7297a9374aa29c7
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb
Size/MD5: 105040 70accc7b795a5d0871ba555377860b77
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb
Size/MD5: 82470 e9e0d296fac9c00496f07d743c52c7a9
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1ubuntu0.9.04.2_sparc.deb
Size/MD5: 21170 efa8d7e1d2a14f843d14f80dae9c755c

ORIGINAL ADVISORY:
USN-861-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-November/001002.html

OTHER REFERENCES:
SA36711:
http://secunia.com/advisories/36711/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Secunia Security Advisory 37411

Secunia Security Advisory 37411

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 37411

Share This

Secunia Security Advisory 37411

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems