Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19950
HistoryJun 04, 2008 - 12:00 a.m.

[SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities

2008-06-0400:00:00
vulners.com
16
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1591-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
June 03, 2008 http://www.debian.org/security/faq

Package : libvorbis
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
Debian Bug : 482518

Several local (remote) vulnerabilities have been discovered in libvorbis,
a library for the Vorbis general-purpose compressed audio codec. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-1419

libvorbis does not properly handle a zero value which allows remote
attackers to cause a denial of service (crash or infinite loop) or
trigger an integer overflow.

CVE-2008-1420

Integer overflow in libvorbis allows remote attackers to execute
arbitrary code via a crafted OGG file, which triggers a heap overflow.

CVE-2008-1423

Integer overflow in libvorbis allows remote attackers to cause a denial
of service (crash) or execute arbitrary code via a crafted OGG file
which triggers a heap overflow.

For the stable distribution (etch), these problems have been fixed in version
1.1.2.dfsg-1.4.

For the unstable distribution (sid), these problems have been fixed in
version 1.2.0.dfsg-3.1.

We recommend that you upgrade your libvorbis package.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Source archives:

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4.dsc
Size/MD5 checksum: 787 2f0bfd28fb368c43c56332e7de7a2e3d
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
Size/MD5 checksum: 1312540 44cf09fef7f78e7c6ba7dd63b6137412
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4.diff.gz
Size/MD5 checksum: 15782 62527e6adcff1dca42018a0252b19b91

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum: 94500 edb2728b48cd6fc0357f62a7dc8fca5c
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum: 110468 8273babee8a08c373671b468469b2ede

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum: 19202 925dfba3f212e8b69c760c433b119716
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum: 494958 0052fe78f4be43cb9a7f42ea2b25f7fe

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum: 17790 f49da89a8b972614687f3a5e2f6c5bac
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum: 93498 241499415b96f3e348d1ec9c66a45981
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum: 101508 63e1e8392876a822dc664e21b19e0185
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum: 468670 8c6c80eb7b8e7f8b49be1447357ebce1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum: 75744 03dad28341cde24fbbfd20444bf346c2
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum: 18528 508cb939f65a367447c44add9dd8c11a
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum: 98190 a09c2d3021f7b9d2d9b2bf04b2d30957
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum: 458578 6dcadbb28c56a0a9368bfcd67b28d3fa

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum: 483196 0435784553fb2b9c08c915da58c3c7e1
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum: 21978 6ade3e3b040f8e01c4fe023df6faf2de
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum: 108084 7d263ee14d29b787b0f32710ae2bffdf
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum: 92430 72180513d203103e56e4929ca6da035f

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum: 453652 55bc31f817b6806d19d8f0696cc288cd
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum: 18884 5d4f1bccf5efa0d5ba5767b49f97d253
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum: 75346 f11509bd2b430f8be62706a13748d6bc
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum: 98176 d5b46716c8ab083b9c00b523a73a81b9

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum: 98022 dabf436427e867a81074bdca0c53ef6e
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum: 510180 1c4e1c58e7d63f10ff7efaf3a6555f46
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum: 24700 8dadf685db0738f52c4b47420eff588a
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum: 136046 b5d657cad9154915f0a9c0779e68cf1c

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum: 104986 3d6d14fff3621ed344e88e7bb57ae627
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum: 81588 e776156e4d5647f0aa591ea8b01d3aad
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum: 20946 5f5eca06d6b715087a4298d2db944fcf
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum: 479286 4a9404dab651fd387901d6eb223bd835

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum: 76982 63638be1a06154fa1126e5be3a4ac95e

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum: 469086 9c31f061ab04690bf52876821a9383ea

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum: 20944 5f59636c00cbe76590ac1ef23235cd8d
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum: 104948 be1bf5fd730d239f5cd62a92cd4b75e4

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum: 105760 ba397af813b092de9bea72accb46db4b

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum: 21394 7e12a198ce7bed6922d20da108e5bad5

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum: 82558 1299949b45c3a6fdba4fa64fcf48dc53

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum: 475206 7cda1ebdffc9b47d90efa594bea5d5b8

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum: 452736 403af241544bf4fd66f4993003f0f192
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum: 90546 f2f4a9e7410b946b91c4d44cef18f5af
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum: 102548 ad43cb11ddff398ee0a83ded1a024321
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum: 20920 7ffdc1f9962394073efae81356780428

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum: 98252 fad4afe3566e986fe819a0fff6a2376e
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum: 453410 ce3775bb59d55b9ba7e34469225e0d20

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum: 17888 4eaf8a0cfd4f3b1c6f8332ccf1bf6ef4
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum: 79796 57795226ac31a7b5bf7793e4e14dc89a

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSEUOemz0hbPcukPfAQKlCwf/RNQkhN5GiXzWbIPQDNuXCa9Gri63UI6Z
yUpFdhpcitk0JKDznD67BwrVjEFOOhInCDMiVftX53oAGoUhW/kEbQ4A+gzqf9cJ
B6OfyEjzV9JLEZ5OMlRQCigQpbUqQVwx6ISBM/RuzbuQSXEpYtUPztPAqHmVZDdU
WjiVKEioP6T64ql9xxEu15ekuWJpcaglkHSOEGPmJZwP/9sLCQrVUwciMSWR/fr+
kdV47I292yfyhdVMnmszpncAtO1ZWAyDV8DZS2yMXlqxfK/nMadz4PWj39gISr6e
677OU3WzrE+tj7hKGvutvivwTEzNzhrHq5/oYFnQn/mgoHfgKFsNlQ==
=52+x
-----END PGP SIGNATURE-----

Related

openvas 27
freebsd 3
nessus 19
centos 2
fedora 3
oraclelinux 1
seebug 1
osv 1
redhat 2
debian 1
ubuntu 2
gentoo 1
securityvulns 2
debiancve 3
prion 4
veracode 3
ubuntucve 4
cve 4
openvas
openvas
FreeBSD Ports: libvorbis
2008-09-04 00:00:00
Debian Security Advisory DSA 1591-1 (libvorbis)
2008-06-11 00:00:00
Oracle Linux Local Check: ELSA-2008-0270
2015-10-08 00:00:00
freebsd
freebsd
libvorbis -- various security issues
2008-05-14 00:00:00
libtremor -- multiple vulnerabilities
2008-03-19 00:00:00
libvorbis -- multiple vulnerabilities
2009-11-24 00:00:00
nessus
nessus
SuSE9 Security Update : libvorbis (YOU Patch Number 12159)
2009-09-24 00:00:00
SuSE 10 Security Update : libvorbis (ZYPP Patch Number 5259)
2008-05-29 00:00:00
Mandriva Linux Security Advisory : libvorbis (MDVSA-2008:102)
2009-04-23 00:00:00
centos
centos
libvorbis security update
2008-05-14 12:52:45
libvorbis security update
2008-05-16 03:59:20
fedora
fedora
[SECURITY] Fedora 9 Update: libvorbis-1.2.0-4.fc9
2008-05-14 22:10:23
[SECURITY] Fedora 8 Update: libvorbis-1.2.0-2.fc8
2008-05-14 22:08:15
[SECURITY] Fedora 7 Update: libvorbis-1.1.2-4.fc7
2008-05-14 22:08:55
oraclelinux
oraclelinux
libvorbis security update
2008-05-14 00:00:00
seebug
seebug
libvorbis倚δΈͺηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2008-05-17 00:00:00
osv
osv
libvorbis - several vulnerabilities
2008-06-03 00:00:00
redhat
redhat
(RHSA-2008:0270) Important: libvorbis security update
2008-05-14 00:00:00
(RHSA-2008:0271) Important: libvorbis security update
2008-05-14 00:00:00
debian
debian
[SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities
2008-06-03 09:27:35
ubuntu
ubuntu
libvorbis vulnerabilities
2008-12-01 00:00:00
libvorbis vulnerability
2009-08-24 00:00:00
gentoo
gentoo
libvorbis: Multiple vulnerabilities
2008-06-23 00:00:00
securityvulns
securityvulns
libvorbis multiple security vulnerabilities
2009-08-25 00:00:00
[USN-825-1] libvorbis vulnerability
2009-08-25 00:00:00
debiancve
debiancve
CVE-2008-1423
2008-05-16 12:54:00
CVE-2008-1419
2008-05-16 12:54:00
CVE-2008-1420
2008-05-16 12:54:00
prion
prion
Integer overflow
2008-05-16 12:54:00
Integer overflow
2008-05-16 12:54:00
Integer overflow
2008-05-16 12:54:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:23:05
Arbitrary Code Execution
2020-04-10 00:23:05
Denial Of Service (DoS)
2020-04-10 00:23:05
ubuntucve
ubuntucve
CVE-2008-1423
2008-05-16 00:00:00
CVE-2008-1420
2008-05-16 00:00:00
CVE-2008-1419
2008-05-16 00:00:00
cve
cve
CVE-2008-1423
2008-05-16 12:54:00
CVE-2008-1419
2008-05-16 12:54:00
CVE-2008-1420
2008-05-16 12:54:00
JSON
Related for SECURITYVULNS:DOC:19950
openvas27freebsd3nessus19centos2fedora3oraclelinux1seebug1osv1redhat2debian1ubuntu2gentoo1securityvulns2debiancve3prion4veracode3ubuntucve4cve4