Paketname
vorbis-tools
Datum
2008-04-29
Advisory ID
MDVSA-2008:093
Betroffene Versionen
2008.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problembeschreibung

A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).

The ogg123 application in vorbis-tools is similarly affected by
this issue.

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2008.0 i586

 a4331899942b05ebd3909c13148b74ef  2008.0/i586/vorbis-tools-1.1.1-5.3mdv2008.0.i586.rpm 
 6d6c9af915f5554705ff21e3ac7899c6  2008.0/SRPMS/vorbis-tools-1.1.1-5.3mdv2008.0.src.rpm

CS3.0 x86_64

 564ba6fd1866c2ae816392bd99151392  corporate/3.0/x86_64/vorbis-tools-1.0.1-3.1.C30mdk.x86_64.rpm 
 04e82f3cee374dfa96abda8c8d8c13cf  corporate/3.0/SRPMS/vorbis-tools-1.0.1-3.1.C30mdk.src.rpm

2008.0 x86_64

 bf29349d9039c06444fb022961656b33  2008.0/x86_64/vorbis-tools-1.1.1-5.3mdv2008.0.x86_64.rpm 
 6d6c9af915f5554705ff21e3ac7899c6  2008.0/SRPMS/vorbis-tools-1.1.1-5.3mdv2008.0.src.rpm

CS3.0 i586

 a83ba9f3b42ec7f02686edfe04b99ad3  corporate/3.0/i586/vorbis-tools-1.0.1-3.1.C30mdk.i586.rpm 
 04e82f3cee374dfa96abda8c8d8c13cf  corporate/3.0/SRPMS/vorbis-tools-1.0.1-3.1.C30mdk.src.rpm

2008.1 x86_64

 c5f3b5b9128a792a49aea637a2e62e69  2008.1/x86_64/vorbis-tools-1.2.0-1.1mdv2008.1.x86_64.rpm 
 71cd7bb0c31e359536ee1e8b19c2a90a  2008.1/SRPMS/vorbis-tools-1.2.0-1.1mdv2008.1.src.rpm

2008.1 i586

 6cccd5ec7704043dd7904cbe2a0cd884  2008.1/i586/vorbis-tools-1.2.0-1.1mdv2008.1.i586.rpm 
 71cd7bb0c31e359536ee1e8b19c2a90a  2008.1/SRPMS/vorbis-tools-1.2.0-1.1mdv2008.1.src.rpm

Referenzen