===========================================================
Ubuntu Security Notice USN-498-1            August 16, 2007
libvorbis vulnerabilities
CVE-2007-3106, CVE-2007-4029
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libvorbis0a                     1.1.2-0ubuntu2.2

Ubuntu 6.10:
  libvorbis0a                     1.1.2-1ubuntu1.2

Ubuntu 7.04:
  libvorbis0a                     1.1.2.dfsg-1.2ubuntu2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

David Thiel discovered that libvorbis did not correctly verify the
size of certain headers, and did not correctly clean up a broken
stream. If a user were tricked into processing a specially crafted
Vorbis stream, a remote attacker could execute arbitrary code with
the user's privileges.