=========================================================== Ubuntu Security Notice USN-611-1 May 08, 2008 speex vulnerability CVE-2008-1686 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libspeex1 1.1.11.1-1ubuntu0.3 Ubuntu 7.04: libspeex1 1.1.12-3ubuntu0.7.04.1 Ubuntu 7.10: libspeex1 1.1.12-3ubuntu0.7.10.1 Ubuntu 8.04 LTS: libspeex1 1.1.12-3ubuntu0.8.04.1 After a standard system upgrade you need to restart applications linked against Speex to effect the necessary changes. Details follow: It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1-1ubuntu0.3.diff.gz Size/MD5: 16334 3043ac1b83c4f616ee9e7ce0445f6f4a http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1-1ubuntu0.3.dsc Size/MD5: 891 a47ed95c32a7f46195117b0940003512 http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1.orig.tar.gz Size/MD5: 720528 5282d23ea605232be05b537cca7af242 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.11.1-1ubuntu0.3_all.deb Size/MD5: 1175164 88a00eb0263c884a7fb2f8e86f7085cf amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_amd64.deb Size/MD5: 99344 ff9c32a2add83695f263ab665bfeea2e http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_amd64.deb Size/MD5: 73114 fb8d379b7b59a01dfbdc71061ec55d2f http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_amd64.deb Size/MD5: 25730 3024d74692a5284a7d3c3c7a0ea731f4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_i386.deb Size/MD5: 85844 103f5455a185b5f7b67e1e9db8e09bf5 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_i386.deb Size/MD5: 68198 e49b7fcbe1dac385ea3dd3531b3578ab http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_i386.deb Size/MD5: 24506 f313ba989a11acfc1d087f0cbf32ec1c powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_powerpc.deb Size/MD5: 102896 6f060fc21867cb58ebbc2bc2610a89e4 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_powerpc.deb Size/MD5: 78074 139b3f33a76ace71235795c5a5d5c257 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_powerpc.deb Size/MD5: 27502 9abaa0c5f9c85fc61bf7dbae3c367b24 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11.1-1ubuntu0.3_sparc.deb Size/MD5: 93950 60cd3a6214b4131804e04ef726512706 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-1ubuntu0.3_sparc.deb Size/MD5: 72626 3bc63bc48594cfb32dba17c63c9278a1 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-1ubuntu0.3_sparc.deb Size/MD5: 25564 f44fac017d8f1cad870b8b7d865ae704 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.04.1.diff.gz Size/MD5: 16462 8f5c4ba40a9d55f67207def20fd0d8f8 http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.04.1.dsc Size/MD5: 896 bf22d92d6a3d9e152c7e3d8e5516e5aa http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.tar.gz Size/MD5: 740110 1bd6cdf3a0ebabf818cd72a3401e2610 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3ubuntu0.7.04.1_all.deb Size/MD5: 1621198 e693f69bee4af4022f1426628d8fa874 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_amd64.deb Size/MD5: 107898 ca461c3a1137db04b701f6abf359221c http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_amd64.deb Size/MD5: 81248 63a3b920764b3c7a8c440ece3d5a6628 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_amd64.deb Size/MD5: 26278 1e0bb2a94c4f8cb9d7b8a879c87d77a5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_i386.deb Size/MD5: 93276 3fc302a1d7250759c05cdb9266795512 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_i386.deb Size/MD5: 76948 54b210c5e9aa7165b2e3574d4ec22129 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_i386.deb Size/MD5: 25348 d40840a2b30852980cb8abe33f8f52b4 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_powerpc.deb Size/MD5: 111304 fecf9674ed877ee012d4481dbfd28ff7 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_powerpc.deb Size/MD5: 88048 dea6b4205ec628871f6ff16eaf50c2f1 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_powerpc.deb Size/MD5: 29860 5925a4f45f770f209fff316f78dba6cc sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.04.1_sparc.deb Size/MD5: 100622 b4f79870679d10a746122d62824520a5 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.04.1_sparc.deb Size/MD5: 79974 363d994497fbe56da99c9e3d190159aa http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.04.1_sparc.deb Size/MD5: 26626 17839bcc3c1c7f8e093527a9b012b5c1 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.10.1.diff.gz Size/MD5: 16464 a9f2cc5874334105f139fe4658d6932a http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.7.10.1.dsc Size/MD5: 896 19296f16fadc226b5bfa661c5c60446a http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.tar.gz Size/MD5: 740110 1bd6cdf3a0ebabf818cd72a3401e2610 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3ubuntu0.7.10.1_all.deb Size/MD5: 2739332 950760db17a4a3ddd98819b664e2cade amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_amd64.deb Size/MD5: 108820 fb59780481a14fd71d7404dcbd468de2 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_amd64.deb Size/MD5: 81928 26a27b1731508bcbcf30927f016deb13 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_amd64.deb Size/MD5: 26320 e0d3ddab4c85093e3510f724bad4328a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_i386.deb Size/MD5: 93644 b36263803f01174d6bb1577064aa3528 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_i386.deb Size/MD5: 77590 d0e00ef79d2c4ee88815cebcd327b73a http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_i386.deb Size/MD5: 25242 d34367d6b1842d636d3cd7e184c4fb3c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_lpia.deb Size/MD5: 92996 b875296d5217f2102f5d3913a11856a2 http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_lpia.deb Size/MD5: 76334 8b44f386012576e364aa5051cb496c29 http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_lpia.deb Size/MD5: 25432 a38ad81fba60b956968e54722ff82dcc powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_powerpc.deb Size/MD5: 111450 d505aff351cb6b59dfa101b7fe902443 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_powerpc.deb Size/MD5: 88112 e06e4db8125927e9078742bfaba8e56c http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_powerpc.deb Size/MD5: 29808 798c8763dbecb9d00234aca8f29ce4ee sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.7.10.1_sparc.deb Size/MD5: 100846 715db8b55820a946decb096afff83cc7 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.10.1_sparc.deb Size/MD5: 80278 0ef531ecf94d3f86bd0b262625f7f046 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.10.1_sparc.deb Size/MD5: 26644 0bbb348bd1845c929bac9060c17c3440 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.8.04.1.diff.gz Size/MD5: 16463 ffe6236efeb0636cf1bb82e35e62040c http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubuntu0.8.04.1.dsc Size/MD5: 896 4b325c8f915dccda407ecd3d9674d227 http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.tar.gz Size/MD5: 740110 1bd6cdf3a0ebabf818cd72a3401e2610 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3ubuntu0.8.04.1_all.deb Size/MD5: 1374930 cff30859bb6d6d297eb0a67bb1ed4a68 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_amd64.deb Size/MD5: 107162 d2cca372509a36921f7df4c6d91764c4 http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_amd64.deb Size/MD5: 80596 0474f2424b6ef876744af59abf9a3b9e http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_amd64.deb Size/MD5: 26366 6738274b4274e17566979a13dd8f00e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_i386.deb Size/MD5: 92798 ce4b30f29cb5251fa9646d2c51d0ad5b http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_i386.deb Size/MD5: 75300 85cf718906c94e92f7abf54233610779 http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_i386.deb Size/MD5: 25470 1f49095ca5a425fbf0bcafd3bf61deae lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_lpia.deb Size/MD5: 93058 7c59131c5b33638da73ce607443af0f3 http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_lpia.deb Size/MD5: 75470 142296715793d59b602509996b012386 http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_lpia.deb Size/MD5: 25448 fb2e0288d95179ddcd381b90ed51ed74 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_powerpc.deb Size/MD5: 110910 aec0ff1c13d10e5a4240e9e228e17476 http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_powerpc.deb Size/MD5: 85722 99aa4c03960bc31c1aa11b5c6dd3b78c http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_powerpc.deb Size/MD5: 30130 fae12b25bb03ead975f0717a9a9ccf4f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.8.04.1_sparc.deb Size/MD5: 100536 bbe537676e242db9d9f032327a4ef82f http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.04.1_sparc.deb Size/MD5: 79398 101308f94e0dcb27bd429eaab076927e http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.04.1_sparc.deb Size/MD5: 26430 4203e6d8b4f6612d0ed2250a84970820