MDVSA-2012:051

Package name

libvorbis

Date

2012-04-03

Advisory ID

MDVSA-2012:051

Affected versions

MES5 i586 , MES5 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in libvorbis:

A specially-crafted Ogg Vorbis media format file (Ogg) could cause an
application using libvorbis to crash or, possibly, execute arbitrary
code when opened (CVE-2009-3379).

If a specially-crafted Ogg Vorbis media file was opened by an
application using libvorbis, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application (CVE-2012-0444).

The updated packages have been patched to correct these issues.

Updated packages

MES5 i586

 ece659e54b7d1bac26e792b625232333  mes5/i586/libvorbis0-1.2.0-4.1mdvmes5.2.i586.rpm
 d2b835f7c68e29111de24ab129354e05  mes5/i586/libvorbis-devel-1.2.0-4.1mdvmes5.2.i586.rpm
 8bc83ee09d755048026d7aae6d82043d  mes5/i586/libvorbisenc2-1.2.0-4.1mdvmes5.2.i586.rpm
 5acf6147b305e97872a6c082e2f479a0  mes5/i586/libvorbisfile3-1.2.0-4.1mdvmes5.2.i586.rpm 
 35bb367ac29a9ac9b2e8d9cf1941efaa  mes5/SRPMS/libvorbis-1.2.0-4.1mdvmes5.2.src.rpm

MES5 x86_64

 0329275aa15b395baf905d14b63fc131  mes5/x86_64/lib64vorbis0-1.2.0-4.1mdvmes5.2.x86_64.rpm
 e43d4cee69f533242bf745e8ed07278c  mes5/x86_64/lib64vorbis-devel-1.2.0-4.1mdvmes5.2.x86_64.rpm
 3bbfbe421c62ff9285ed93247331237e  mes5/x86_64/lib64vorbisenc2-1.2.0-4.1mdvmes5.2.x86_64.rpm
 a2327dcc4ea9796068e0a0dfad899678  mes5/x86_64/lib64vorbisfile3-1.2.0-4.1mdvmes5.2.x86_64.rpm 
 35bb367ac29a9ac9b2e8d9cf1941efaa  mes5/SRPMS/libvorbis-1.2.0-4.1mdvmes5.2.src.rpm

References

• https://bugzilla.redhat.com/show_bug.cgi?id=531765
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379
• https://bugzilla.redhat.com/show_bug.cgi?id=786026