===========================================================
Ubuntu Security Notice USN-682-1          December 01, 2008
libvorbis vulnerabilities
CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libvorbis0a                     1.1.2-0ubuntu2.3

Ubuntu 7.10:
  libvorbis0a                     1.2.0.dfsg-1ubuntu0.1

Ubuntu 8.04 LTS:
  libvorbis0a                     1.2.0.dfsg-2ubuntu0.1

After a standard system upgrade you need to restart any applications
that use libvorbis, such as Totem and gtkpod, to effect the necessary
changes.

Details follow:

It was discovered that libvorbis did not correctly handle certain
malformed sound files. If a user were tricked into opening a specially
crafted sound file with an application that uses libvorbis, an attacker
could execute arbitrary code with the user's privileges.
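
The restart requirement above can be checked rather than guessed. The following is an added example, not part of the Ubuntu notice: it lists processes that still map a libvorbis shared object that has been replaced on disk, using the "(deleted)" marker Linux shows in /proc/PID/maps. The function names, the optional proc-root argument, and the sample PIDs, addresses and library file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-upgrade libvorbis and therefore need a restart.

# Print "PID COMMAND" for every process under proc root $1 (default /proc)
# whose maps list a libvorbis shared object marked "(deleted)".
stale_libvorbis_procs() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir="${maps%/maps}"
        # maps columns: range perms offset dev inode path ["(deleted)"]
        if awk '$6 ~ /\/libvorbis(enc|file)?\.so/ && $NF == "(deleted)" { hit = 1 }
                END { exit !hit }' "$maps" 2>/dev/null; then
            comm="?"
            if [ -r "$dir/comm" ]; then read -r comm < "$dir/comm" || true; fi
            printf '%s %s\n' "${dir##*/}" "$comm"
        fi
    done
}

# Build a constructed /proc-like tree: PID 1201 still maps the replaced
# library, PID 1302 maps the new file, PID 1403 does not use libvorbis.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/1201" "$d/1302" "$d/1403"
    echo totem > "$d/1201/comm"
    echo gtkpod > "$d/1302/comm"
    echo bash > "$d/1403/comm"
    cat > "$d/1201/maps" <<'EOF'
7f10a2c00000-7f10a2c2b000 r-xp 00000000 08:01 131245 /usr/lib/libvorbis.so.0.4.0 (deleted)
7f10a2e00000-7f10a2e08000 r-xp 00000000 08:01 131250 /usr/lib/libvorbisfile.so.3.2.0 (deleted)
EOF
    cat > "$d/1302/maps" <<'EOF'
7f55b1000000-7f55b102b000 r-xp 00000000 08:01 140012 /usr/lib/libvorbis.so.0.4.0
EOF
    cat > "$d/1403/maps" <<'EOF'
7f9c40000000-7f9c401b0000 r-xp 00000000 08:01 130001 /lib/libc-2.7.so
00400000-004b0000 r-xp 00000000 08:01 130900 /tmp/notes.txt (deleted)
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_proc)
stale_libvorbis_procs "$sample"
rm -rf "$sample"
```

Called with no argument, stale_libvorbis_procs scans the live /proc; run it as root so that other users' maps files are readable.
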