-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:052 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libvorbis Date : April 3, 2012 Affected: 2010.1, 2011. _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in libvorbis: If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0444). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444 https://bugzilla.redhat.com/show_bug.cgi?id=786026 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 1988aa7b0b3773e86f59341c3890fecc 2010.1/i586/libvorbis0-1.3.1-1.1mdv2010.2.i586.rpm 41141ef6beef7a8b1d10ca5bb210e754 2010.1/i586/libvorbis-devel-1.3.1-1.1mdv2010.2.i586.rpm 00f754bf8b46ebba579198940d91243c 2010.1/i586/libvorbisenc2-1.3.1-1.1mdv2010.2.i586.rpm 75f27d2c2fba5c99a5e13465eb151177 2010.1/i586/libvorbisfile3-1.3.1-1.1mdv2010.2.i586.rpm 8fa4839b849bea59f1441c35f846a8da 2010.1/SRPMS/libvorbis-1.3.1-1.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 0ee2d498d35985bcb62622f1368ec54c 2010.1/x86_64/lib64vorbis0-1.3.1-1.1mdv2010.2.x86_64.rpm 2446454c44801577fd702d801600c288 2010.1/x86_64/lib64vorbis-devel-1.3.1-1.1mdv2010.2.x86_64.rpm 8f53515ff179f034f676adc95e2305a6 2010.1/x86_64/lib64vorbisenc2-1.3.1-1.1mdv2010.2.x86_64.rpm 8f9bba6fffcc6e4def1480cf23386013 2010.1/x86_64/lib64vorbisfile3-1.3.1-1.1mdv2010.2.x86_64.rpm 8fa4839b849bea59f1441c35f846a8da 2010.1/SRPMS/libvorbis-1.3.1-1.1mdv2010.2.src.rpm Mandriva Linux 2011: 56e5c3dcd97394cd44cdb112bc83d9ec 2011/i586/libvorbis0-1.3.2-2.1-mdv2011.0.i586.rpm 8e5d957f73abe2c6775150f4b241df8d 2011/i586/libvorbis-devel-1.3.2-2.1-mdv2011.0.i586.rpm 77282d58acf14e2b87668c2b1693c536 2011/i586/libvorbisenc2-1.3.2-2.1-mdv2011.0.i586.rpm 8a95da986acd948c4ad12ea38b72bca6 2011/i586/libvorbisfile3-1.3.2-2.1-mdv2011.0.i586.rpm 2492a4bb659adc775f82a45f039a377e 2011/SRPMS/libvorbis-1.3.2-2.1.src.rpm Mandriva Linux 2011/X86_64: b3fb66334012be5673505223d30446d5 2011/x86_64/lib64vorbis0-1.3.2-2.1-mdv2011.0.x86_64.rpm 2245e22a93f58d6fce63ad6f4ebadf22 2011/x86_64/lib64vorbis-devel-1.3.2-2.1-mdv2011.0.x86_64.rpm 8d44e8e485617f0dce374e15637d89f8 2011/x86_64/lib64vorbisenc2-1.3.2-2.1-mdv2011.0.x86_64.rpm 1c9edebad3eef19d47e892266547356d 2011/x86_64/lib64vorbisfile3-1.3.2-2.1-mdv2011.0.x86_64.rpm 2492a4bb659adc775f82a45f039a377e 2011/SRPMS/libvorbis-1.3.2-2.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPetyXmqjQ0CJFipgRAgvWAJ99fJ6twIiKyU0KKJWlrZxd3tDuPACfbobq +sIy0Votu+lJ6g/y8tY5nDc= =lO4w -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/