-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:194 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libvorbis Date : October 10, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: More vulnerabilities in libvorbis were found that could be used to cause an application linked to libvorbis to crash or execute arbitrary code if used to open a carefully crafted OGG file. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: d41be27509ec3be88b202966d4a59550 2007.0/i586/libvorbis0-1.1.2-1.2mdv2007.0.i586.rpm e75b4f86a4c5d58f77373d50fbea8768 2007.0/i586/libvorbis0-devel-1.1.2-1.2mdv2007.0.i586.rpm 23f95877a057ba9cec80183affdbcd26 2007.0/i586/libvorbisenc2-1.1.2-1.2mdv2007.0.i586.rpm 5f32c9d9d23d2cca8814ad11c6992695 2007.0/i586/libvorbisfile3-1.1.2-1.2mdv2007.0.i586.rpm 3307e950d4b3918d358e9b82df6001cf 2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 402d3b03c86b0137011d1e46b51c5882 2007.0/x86_64/lib64vorbis0-1.1.2-1.2mdv2007.0.x86_64.rpm f2ac23af2f02fa7ae18eff8251a7187f 2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.2mdv2007.0.x86_64.rpm 26edae58c4d13b1d3231eb5dc1560dac 2007.0/x86_64/lib64vorbisenc2-1.1.2-1.2mdv2007.0.x86_64.rpm 63e13185eeaa037dbc4fc583b85c0143 2007.0/x86_64/lib64vorbisfile3-1.1.2-1.2mdv2007.0.x86_64.rpm 3307e950d4b3918d358e9b82df6001cf 2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm Mandriva Linux 2007.1: f8d07dd2d52e2876abb97609b29c7dde 2007.1/i586/libvorbis0-1.1.2-1.3mdv2007.1.i586.rpm 3fec84f53226b408bba6dbd1e2cf4968 2007.1/i586/libvorbis0-devel-1.1.2-1.3mdv2007.1.i586.rpm 2901cdc64be56cb289b217ed1a05b8f1 2007.1/i586/libvorbisenc2-1.1.2-1.3mdv2007.1.i586.rpm e98cb9e44e1f3067e1fb7d1620c5ef27 2007.1/i586/libvorbisfile3-1.1.2-1.3mdv2007.1.i586.rpm cce00e65c8cbe511018f520bca49c6a7 2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 891d901f29fe9a1d0fd82e9b47d38122 2007.1/x86_64/lib64vorbis0-1.1.2-1.3mdv2007.1.x86_64.rpm c6c00add1ff7bcc5e636e3ae2b4f5b30 2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.3mdv2007.1.x86_64.rpm 510934712584a9578ed4a2a946870b06 2007.1/x86_64/lib64vorbisenc2-1.1.2-1.3mdv2007.1.x86_64.rpm c52b5f4388c30d163f57144b882b3089 2007.1/x86_64/lib64vorbisfile3-1.1.2-1.3mdv2007.1.x86_64.rpm cce00e65c8cbe511018f520bca49c6a7 2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm Corporate 3.0: cb5946414ffc05264f009a2dfb5cd5a4 corporate/3.0/i586/libvorbis0-1.0.1-4.2.C30mdk.i586.rpm b94b5dd7b09be0920ad46691550e6d5f corporate/3.0/i586/libvorbis0-devel-1.0.1-4.2.C30mdk.i586.rpm 2499e5ee054d10dea6576ecc1e5a0b47 corporate/3.0/i586/libvorbisenc2-1.0.1-4.2.C30mdk.i586.rpm d96e79ad3fa7183463d28e0e964625cb corporate/3.0/i586/libvorbisfile3-1.0.1-4.2.C30mdk.i586.rpm 6cd5308e5450210a1bd5ef1d75be045a corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm Corporate 3.0/X86_64: e8702d068c5780bb74aeeead7990cf1d corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.2.C30mdk.x86_64.rpm 1839ae3b9df3a80728efefcd0d2c8924 corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.2.C30mdk.x86_64.rpm 6d503b73eb3997992a4a14686fa22bc2 corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.2.C30mdk.x86_64.rpm 1fb747fa7937daf053ede6bf3c631e6b corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.2.C30mdk.x86_64.rpm 6cd5308e5450210a1bd5ef1d75be045a corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm Corporate 4.0: 3354475793ef4eb0489fab6cbbb66b4b corporate/4.0/i586/libvorbis0-1.1.1-1.2.20060mlcs4.i586.rpm 98795f48ac6f58fe0c085ccddbc8b013 corporate/4.0/i586/libvorbis0-devel-1.1.1-1.2.20060mlcs4.i586.rpm ff749aafc57d36a7bea5d9911e1e0464 corporate/4.0/i586/libvorbisenc2-1.1.1-1.2.20060mlcs4.i586.rpm f3c1ce534e434ccb18d8a20e8131f645 corporate/4.0/i586/libvorbisfile3-1.1.1-1.2.20060mlcs4.i586.rpm a03a39326629aeac0b8089f16ac1669c corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 1fd83d033b447bbe31b382b6ef406b04 corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.2.20060mlcs4.x86_64.rpm 7277ef1839ff508bb82c7cfdabd08bbc corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.2.20060mlcs4.x86_64.rpm 85982268bb38fee83857e3d43b81e857 corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.2.20060mlcs4.x86_64.rpm b2becf1d0654a3c7dc39d776ea06fef7 corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.2.20060mlcs4.x86_64.rpm a03a39326629aeac0b8089f16ac1669c corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm Multi Network Firewall 2.0: 4aeb3e14e502a4985045faa4b78a06e6 mnf/2.0/i586/libvorbis0-1.0.1-4.2.M20mdk.i586.rpm d361415bee36020ea5b0b5fd42ccc260 mnf/2.0/i586/libvorbis0-devel-1.0.1-4.2.M20mdk.i586.rpm 7b9cf8d7bdf58bea8a77f05ffef744d3 mnf/2.0/i586/libvorbisenc2-1.0.1-4.2.M20mdk.i586.rpm 33e7c4ddc5a1cba04d0e238b2cbda192 mnf/2.0/i586/libvorbisfile3-1.0.1-4.2.M20mdk.i586.rpm 35f0157658f80c209b4bfd4557668aca mnf/2.0/SRPMS/libvorbis-1.0.1-4.2.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHDVqEmqjQ0CJFipgRAoNiAKC8sak4VviFaKGNNIkVujrmYA+PSgCcDTDI QWEg84Lby+nroQbzWtPeWaY= =Zvfm -----END PGP SIGNATURE-----
