MDVSA-2008:093
- Package name
- vorbis-tools
- Date
- 2008-04-29
- Advisory ID
- MDVSA-2008:093
- Affected versions
- 2008.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586
Problem description
A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).
The ogg123 application in vorbis-tools is similarly affected by
this issue.
The updated packages have been patched to correct this issue.
Updated packages
2008.0 i586
a4331899942b05ebd3909c13148b74ef 2008.0/i586/vorbis-tools-1.1.1-5.3mdv2008.0.i586.rpm 6d6c9af915f5554705ff21e3ac7899c6 2008.0/SRPMS/vorbis-tools-1.1.1-5.3mdv2008.0.src.rpm
CS3.0 x86_64
564ba6fd1866c2ae816392bd99151392 corporate/3.0/x86_64/vorbis-tools-1.0.1-3.1.C30mdk.x86_64.rpm 04e82f3cee374dfa96abda8c8d8c13cf corporate/3.0/SRPMS/vorbis-tools-1.0.1-3.1.C30mdk.src.rpm
2008.0 x86_64
bf29349d9039c06444fb022961656b33 2008.0/x86_64/vorbis-tools-1.1.1-5.3mdv2008.0.x86_64.rpm 6d6c9af915f5554705ff21e3ac7899c6 2008.0/SRPMS/vorbis-tools-1.1.1-5.3mdv2008.0.src.rpm
CS3.0 i586
a83ba9f3b42ec7f02686edfe04b99ad3 corporate/3.0/i586/vorbis-tools-1.0.1-3.1.C30mdk.i586.rpm 04e82f3cee374dfa96abda8c8d8c13cf corporate/3.0/SRPMS/vorbis-tools-1.0.1-3.1.C30mdk.src.rpm
2008.1 x86_64
c5f3b5b9128a792a49aea637a2e62e69 2008.1/x86_64/vorbis-tools-1.2.0-1.1mdv2008.1.x86_64.rpm 71cd7bb0c31e359536ee1e8b19c2a90a 2008.1/SRPMS/vorbis-tools-1.2.0-1.1mdv2008.1.src.rpm
2008.1 i586
6cccd5ec7704043dd7904cbe2a0cd884 2008.1/i586/vorbis-tools-1.2.0-1.1mdv2008.1.i586.rpm 71cd7bb0c31e359536ee1e8b19c2a90a 2008.1/SRPMS/vorbis-tools-1.2.0-1.1mdv2008.1.src.rpm