Package name
libvorbis
Date
2008-05-16
Advisory ID
MDVSA-2008:102
Affected versions
CS4.0 i586 , CS4.0 x86_64 , MNF2.0 i586 , 2008.0 i586 , 2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586 , 2007.1 x86_64

Problem description

Will Drewry of the Google Security Team reported several
vulnerabilities in how libvorbis processed audio data. An attacker
could create a carefuly crafted OGG audio file in such a way that it
would cause an application linked to libvorbis to crash or possibly
execute arbitray code when opened (CVE-2008-1419, CVE-2008-1420,
CVE-2008-1423).

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 i586

 d6512287aa943a0ead7045d10ff0fd64  corporate/4.0/i586/libvorbis0-1.1.1-1.3.20060mlcs4.i586.rpm
 2e924c490578d23e17475749377b4e63  corporate/4.0/i586/libvorbis0-devel-1.1.1-1.3.20060mlcs4.i586.rpm
 24a4682c88a7560dc5396eb5d850a725  corporate/4.0/i586/libvorbisenc2-1.1.1-1.3.20060mlcs4.i586.rpm
 9b24d1fdfaf9fe3f60c69442b9642a2c  corporate/4.0/i586/libvorbisfile3-1.1.1-1.3.20060mlcs4.i586.rpm 
 0f71f35769e8af7da0d774575341092f  corporate/4.0/SRPMS/libvorbis-1.1.1-1.3.20060mlcs4.src.rpm

CS4.0 x86_64

 284c2f25348352c5387aa0e9e6187ce4  corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.3.20060mlcs4.x86_64.rpm
 28c199ffc00ed7cc4c3672c72f659827  corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.3.20060mlcs4.x86_64.rpm
 5522f8715b0777be6f54e9c70b124fa5  corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.3.20060mlcs4.x86_64.rpm
 2f1475ff87cefaa186cf5cd76c838e48  corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.3.20060mlcs4.x86_64.rpm 
 0f71f35769e8af7da0d774575341092f  corporate/4.0/SRPMS/libvorbis-1.1.1-1.3.20060mlcs4.src.rpm

MNF2.0 i586

 1e7d371f824f6d901cd5e64efba6e126  mnf/2.0/i586/libvorbis0-1.0.1-4.3.M20mdk.i586.rpm
 025c72d0ebf296dc5caa5696d88a5658  mnf/2.0/i586/libvorbisenc2-1.0.1-4.3.M20mdk.i586.rpm
 e1ba96367ba4c4421f8b0d4a9971fc81  mnf/2.0/i586/libvorbisfile3-1.0.1-4.3.M20mdk.i586.rpm 
 5b4c410db83ca6c2fea55e4655f7d69f  mnf/2.0/SRPMS/libvorbis-1.0.1-4.3.M20mdk.src.rpm

2008.0 i586

 afc28b1fe16565fb2565248c0e5eb86f  2008.0/i586/libvorbis0-1.2.0-1.1mdv2008.0.i586.rpm
 9d4802aadad40250b556bff207975af1  2008.0/i586/libvorbis-devel-1.2.0-1.1mdv2008.0.i586.rpm
 cacd71dfd157ad08f26f479fed9317bc  2008.0/i586/libvorbisenc2-1.2.0-1.1mdv2008.0.i586.rpm
 a0314cab211a753715e297dbed4626d8  2008.0/i586/libvorbisfile3-1.2.0-1.1mdv2008.0.i586.rpm 
 d1dda60c16843e2bd15aa7b933b0e6a3  2008.0/SRPMS/libvorbis-1.2.0-1.1mdv2008.0.src.rpm

2007.1 i586

 988704757ac8c3bead6de547b251838b  2007.1/i586/libvorbis0-1.1.2-1.4mdv2007.1.i586.rpm
 8f60e571ac7e9333b02fc3c40ace8b01  2007.1/i586/libvorbis0-devel-1.1.2-1.4mdv2007.1.i586.rpm
 e2bc6642ebf24401edcd8948ddfcffb5  2007.1/i586/libvorbisenc2-1.1.2-1.4mdv2007.1.i586.rpm
 57327a105e98b85378db9ddbfd84d4f0  2007.1/i586/libvorbisfile3-1.1.2-1.4mdv2007.1.i586.rpm 
 63bf4d76e37622526f9ed49f7d18659d  2007.1/SRPMS/libvorbis-1.1.2-1.4mdv2007.1.src.rpm

CS3.0 x86_64

 db476417d6b6797a8a6091a3b0ae26a2  corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.3.C30mdk.x86_64.rpm
 c0cbdb841085563bcd867ac8e13ae59b  corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.3.C30mdk.x86_64.rpm
 2313621be14f858b20370cd7f00cf63b  corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.3.C30mdk.x86_64.rpm
 f265e6fd50a970aa8dc592b7a08b7811  corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.3.C30mdk.x86_64.rpm 
 cacdfed7916ecb3234f375bb02e9c249  corporate/3.0/SRPMS/libvorbis-1.0.1-4.3.C30mdk.src.rpm

2008.0 x86_64

 c2433a2b905824a4f4de99aa667076e4  2008.0/x86_64/lib64vorbis0-1.2.0-1.1mdv2008.0.x86_64.rpm
 4279d736bcde722c2b29b417362d0409  2008.0/x86_64/lib64vorbis-devel-1.2.0-1.1mdv2008.0.x86_64.rpm
 860f090cdfb3df8eb5e5b35ebbfa89ba  2008.0/x86_64/lib64vorbisenc2-1.2.0-1.1mdv2008.0.x86_64.rpm
 7d4731bda5c3f88bbf1f9f331a8d7375  2008.0/x86_64/lib64vorbisfile3-1.2.0-1.1mdv2008.0.x86_64.rpm 
 d1dda60c16843e2bd15aa7b933b0e6a3  2008.0/SRPMS/libvorbis-1.2.0-1.1mdv2008.0.src.rpm

CS3.0 i586

 2c140f7bb5e1743b92798fa29210f620  corporate/3.0/i586/libvorbis0-1.0.1-4.3.C30mdk.i586.rpm
 b5b0c19e2816af0ea3093165b3647445  corporate/3.0/i586/libvorbis0-devel-1.0.1-4.3.C30mdk.i586.rpm
 d747674f772ab16e4548679b32d79aba  corporate/3.0/i586/libvorbisenc2-1.0.1-4.3.C30mdk.i586.rpm
 ad19edfeab15ed5337e573f26955dfc9  corporate/3.0/i586/libvorbisfile3-1.0.1-4.3.C30mdk.i586.rpm 
 cacdfed7916ecb3234f375bb02e9c249  corporate/3.0/SRPMS/libvorbis-1.0.1-4.3.C30mdk.src.rpm

2008.1 x86_64

 7e94c0757ed2c8c4ef4c16c07adb4f22  2008.1/x86_64/lib64vorbis0-1.2.0-3.1mdv2008.1.x86_64.rpm
 83c2cfef1a65545b0df9176d58e416d1  2008.1/x86_64/lib64vorbis-devel-1.2.0-3.1mdv2008.1.x86_64.rpm
 17865f92f4468532489038d1cae048b0  2008.1/x86_64/lib64vorbisenc2-1.2.0-3.1mdv2008.1.x86_64.rpm
 efb5d10d9ad6e8ada31048866e1df6d9  2008.1/x86_64/lib64vorbisfile3-1.2.0-3.1mdv2008.1.x86_64.rpm 
 be801c948ffb9957bd622889760aecce  2008.1/SRPMS/libvorbis-1.2.0-3.1mdv2008.1.src.rpm

2008.1 i586

 468279e3844cc8090b40a9b887aa8b19  2008.1/i586/libvorbis0-1.2.0-3.1mdv2008.1.i586.rpm
 be40e608a2c1b68b52defcedab7b2215  2008.1/i586/libvorbis-devel-1.2.0-3.1mdv2008.1.i586.rpm
 06e54777aa4a9574e1683ba1a3a639e0  2008.1/i586/libvorbisenc2-1.2.0-3.1mdv2008.1.i586.rpm
 381e3925d9cf0fff52cfbdefee15cd37  2008.1/i586/libvorbisfile3-1.2.0-3.1mdv2008.1.i586.rpm 
 be801c948ffb9957bd622889760aecce  2008.1/SRPMS/libvorbis-1.2.0-3.1mdv2008.1.src.rpm

2007.1 x86_64

 1ccecfb9dc31f68306098e276eed2f03  2007.1/x86_64/lib64vorbis0-1.1.2-1.4mdv2007.1.x86_64.rpm
 235be7e026a0517fd8df0c64afa2c142  2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.4mdv2007.1.x86_64.rpm
 da0e6f4cd91bb0c6b2d7998383213286  2007.1/x86_64/lib64vorbisenc2-1.1.2-1.4mdv2007.1.x86_64.rpm
 73343cb9c55ea9d5ce194ac1f8576619  2007.1/x86_64/lib64vorbisfile3-1.1.2-1.4mdv2007.1.x86_64.rpm 
 63bf4d76e37622526f9ed49f7d18659d  2007.1/SRPMS/libvorbis-1.1.2-1.4mdv2007.1.src.rpm

References