Package name
libvorbis
Date
2007-08-20
Advisory ID
MDKSA-2007:167-1
Affected versions
2007.1 i586, 2007.1 x86_64

Problem description

David Thiel discovered that libvorbis did not correctly verify the size
of certain headers, and did not correctly clean up a broken stream.
If a user were tricked into processing a specially crafted Vorbis
stream, a remote attacker could possibly cause a denial of service
or execute arbitrary code with the user's privileges.

Update:

Due to a packaging problem, the libvorbis development package could
not be upgraded on Mandriva Linux 2007.1. This has been corrected
with this new update.

Updated packages

2007.1 i586

 2e0f3ba6bab84829f4eb5602610f0283  2007.1/i586/libvorbis0-1.1.2-1.2mdv2007.1.i586.rpm
 4c1f8bf27383b5e60a83c877e82c6d28  2007.1/i586/libvorbis0-devel-1.1.2-1.2mdv2007.1.i586.rpm
 bb34b14893244635f9babcec95f0a4c6  2007.1/i586/libvorbisenc2-1.1.2-1.2mdv2007.1.i586.rpm
 70a25cd8bd2d7401d0e6856cac302181  2007.1/i586/libvorbisfile3-1.1.2-1.2mdv2007.1.i586.rpm 
 74aafd22d2b5a3bbb22b22256436cc24  2007.1/SRPMS/libvorbis-1.1.2-1.2mdv2007.1.src.rpm

2007.1 x86_64

 7dfa1037d95c4a177486d1a86bd53541  2007.1/x86_64/lib64vorbis0-1.1.2-1.2mdv2007.1.x86_64.rpm
 036c3670b57f6a0b142562e21134a103  2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.2mdv2007.1.x86_64.rpm
 bf09716e4000c8fd92870fd037e7eef8  2007.1/x86_64/lib64vorbisenc2-1.1.2-1.2mdv2007.1.x86_64.rpm
 88c10d6028086f241ae32b20ee192a87  2007.1/x86_64/lib64vorbisfile3-1.1.2-1.2mdv2007.1.x86_64.rpm 
 74aafd22d2b5a3bbb22b22256436cc24  2007.1/SRPMS/libvorbis-1.1.2-1.2mdv2007.1.src.rpm
