[USN-611-1] Speex vulnerability
Date: Thu, 8 May 2008 16:15:59 -0400
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-611-1] Speex vulnerability
Message-ID: <20080508201559.GM9973@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="HBg0C3yr6HVa1ZCc"
Content-Disposition: inline
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-Virus-Scanned: antivirus-gw at tyumen.ru
--HBg0C3yr6HVa1ZCc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-611-1 May 08, 2008
speex vulnerability
CVE-2008-1686
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libspeex1 1.1.11.1-1ubuntu0.3
Ubuntu 7.04:
libspeex1 1.1.12-3ubuntu0.7.04.1
Ubuntu 7.10:
libspeex1 1.1.12-3ubuntu0.7.10.1
Ubuntu 8.04 LTS:
libspeex1 1.1.12-3ubuntu0.8.04.1
After a standard system upgrade you need to restart applications linked aga=
inst
Speex to effect the necessary changes.
Details follow:
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1-1ubu=
ntu0.3.diff.gz
Size/MD5: 16334 3043ac1b83c4f616ee9e7ce0445f6f4a
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1-1ubu=
ntu0.3.dsc
Size/MD5: 891 a47ed95c32a7f46195117b0940003512
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.11.1.orig=
=2Etar.gz
Size/MD5: 720528 5282d23ea605232be05b537cca7af242
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.11.1-=
1ubuntu0.3_all.deb
Size/MD5: 1175164 88a00eb0263c884a7fb2f8e86f7085cf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11=
=2E1-1ubuntu0.3_amd64.deb
Size/MD5: 99344 ff9c32a2add83695f263ab665bfeea2e
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-=
1ubuntu0.3_amd64.deb
Size/MD5: 73114 fb8d379b7b59a01dfbdc71061ec55d2f
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-=
1ubuntu0.3_amd64.deb
Size/MD5: 25730 3024d74692a5284a7d3c3c7a0ea731f4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11=
=2E1-1ubuntu0.3_i386.deb
Size/MD5: 85844 103f5455a185b5f7b67e1e9db8e09bf5
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-=
1ubuntu0.3_i386.deb
Size/MD5: 68198 e49b7fcbe1dac385ea3dd3531b3578ab
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-=
1ubuntu0.3_i386.deb
Size/MD5: 24506 f313ba989a11acfc1d087f0cbf32ec1c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11=
=2E1-1ubuntu0.3_powerpc.deb
Size/MD5: 102896 6f060fc21867cb58ebbc2bc2610a89e4
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-=
1ubuntu0.3_powerpc.deb
Size/MD5: 78074 139b3f33a76ace71235795c5a5d5c257
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-=
1ubuntu0.3_powerpc.deb
Size/MD5: 27502 9abaa0c5f9c85fc61bf7dbae3c367b24
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.11=
=2E1-1ubuntu0.3_sparc.deb
Size/MD5: 93950 60cd3a6214b4131804e04ef726512706
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.11.1-=
1ubuntu0.3_sparc.deb
Size/MD5: 72626 3bc63bc48594cfb32dba17c63c9278a1
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.11.1-=
1ubuntu0.3_sparc.deb
Size/MD5: 25564 f44fac017d8f1cad870b8b7d865ae704
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubunt=
u0.7.04.1.diff.gz
Size/MD5: 16462 8f5c4ba40a9d55f67207def20fd0d8f8
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubunt=
u0.7.04.1.dsc
Size/MD5: 896 bf22d92d6a3d9e152c7e3d8e5516e5aa
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.t=
ar.gz
Size/MD5: 740110 1bd6cdf3a0ebabf818cd72a3401e2610
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3u=
buntu0.7.04.1_all.deb
Size/MD5: 1621198 e693f69bee4af4022f1426628d8fa874
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.04.1_amd64.deb
Size/MD5: 107898 ca461c3a1137db04b701f6abf359221c
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.04.1_amd64.deb
Size/MD5: 81248 63a3b920764b3c7a8c440ece3d5a6628
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.04.1_amd64.deb
Size/MD5: 26278 1e0bb2a94c4f8cb9d7b8a879c87d77a5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.04.1_i386.deb
Size/MD5: 93276 3fc302a1d7250759c05cdb9266795512
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.04.1_i386.deb
Size/MD5: 76948 54b210c5e9aa7165b2e3574d4ec22129
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.04.1_i386.deb
Size/MD5: 25348 d40840a2b30852980cb8abe33f8f52b4
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.04.1_powerpc.deb
Size/MD5: 111304 fecf9674ed877ee012d4481dbfd28ff7
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.04.1_powerpc.deb
Size/MD5: 88048 dea6b4205ec628871f6ff16eaf50c2f1
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.04.1_powerpc.deb
Size/MD5: 29860 5925a4f45f770f209fff316f78dba6cc
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.04.1_sparc.deb
Size/MD5: 100622 b4f79870679d10a746122d62824520a5
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.04.1_sparc.deb
Size/MD5: 79974 363d994497fbe56da99c9e3d190159aa
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.04.1_sparc.deb
Size/MD5: 26626 17839bcc3c1c7f8e093527a9b012b5c1
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubunt=
u0.7.10.1.diff.gz
Size/MD5: 16464 a9f2cc5874334105f139fe4658d6932a
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubunt=
u0.7.10.1.dsc
Size/MD5: 896 19296f16fadc226b5bfa661c5c60446a
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.t=
ar.gz
Size/MD5: 740110 1bd6cdf3a0ebabf818cd72a3401e2610
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3u=
buntu0.7.10.1_all.deb
Size/MD5: 2739332 950760db17a4a3ddd98819b664e2cade
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.10.1_amd64.deb
Size/MD5: 108820 fb59780481a14fd71d7404dcbd468de2
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.10.1_amd64.deb
Size/MD5: 81928 26a27b1731508bcbcf30927f016deb13
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.10.1_amd64.deb
Size/MD5: 26320 e0d3ddab4c85093e3510f724bad4328a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.10.1_i386.deb
Size/MD5: 93644 b36263803f01174d6bb1577064aa3528
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.10.1_i386.deb
Size/MD5: 77590 d0e00ef79d2c4ee88815cebcd327b73a
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.10.1_i386.deb
Size/MD5: 25242 d34367d6b1842d636d3cd7e184c4fb3c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.=
7.10.1_lpia.deb
Size/MD5: 92996 b875296d5217f2102f5d3913a11856a2
http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.7.1=
0.1_lpia.deb
Size/MD5: 76334 8b44f386012576e364aa5051cb496c29
http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.7.1=
0.1_lpia.deb
Size/MD5: 25432 a38ad81fba60b956968e54722ff82dcc
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.10.1_powerpc.deb
Size/MD5: 111450 d505aff351cb6b59dfa101b7fe902443
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.10.1_powerpc.deb
Size/MD5: 88112 e06e4db8125927e9078742bfaba8e56c
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.10.1_powerpc.deb
Size/MD5: 29808 798c8763dbecb9d00234aca8f29ce4ee
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.7.10.1_sparc.deb
Size/MD5: 100846 715db8b55820a946decb096afff83cc7
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.7.10.1_sparc.deb
Size/MD5: 80278 0ef531ecf94d3f86bd0b262625f7f046
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.7.10.1_sparc.deb
Size/MD5: 26644 0bbb348bd1845c929bac9060c17c3440
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubunt=
u0.8.04.1.diff.gz
Size/MD5: 16463 ffe6236efeb0636cf1bb82e35e62040c
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12-3ubunt=
u0.8.04.1.dsc
Size/MD5: 896 4b325c8f915dccda407ecd3d9674d227
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex_1.1.12.orig.t=
ar.gz
Size/MD5: 740110 1bd6cdf3a0ebabf818cd72a3401e2610
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/speex/speex-doc_1.1.12-3u=
buntu0.8.04.1_all.deb
Size/MD5: 1374930 cff30859bb6d6d297eb0a67bb1ed4a68
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.8.04.1_amd64.deb
Size/MD5: 107162 d2cca372509a36921f7df4c6d91764c4
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.8.04.1_amd64.deb
Size/MD5: 80596 0474f2424b6ef876744af59abf9a3b9e
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.8.04.1_amd64.deb
Size/MD5: 26366 6738274b4274e17566979a13dd8f00e2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex-dev_1.1.12=
-3ubuntu0.8.04.1_i386.deb
Size/MD5: 92798 ce4b30f29cb5251fa9646d2c51d0ad5b
http://security.ubuntu.com/ubuntu/pool/main/s/speex/libspeex1_1.1.12-3u=
buntu0.8.04.1_i386.deb
Size/MD5: 75300 85cf718906c94e92f7abf54233610779
http://security.ubuntu.com/ubuntu/pool/universe/s/speex/speex_1.1.12-3u=
buntu0.8.04.1_i386.deb
Size/MD5: 25470 1f49095ca5a425fbf0bcafd3bf61deae
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.=
8.04.1_lpia.deb
Size/MD5: 93058 7c59131c5b33638da73ce607443af0f3
http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.0=
4.1_lpia.deb
Size/MD5: 75470 142296715793d59b602509996b012386
http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.0=
4.1_lpia.deb
Size/MD5: 25448 fb2e0288d95179ddcd381b90ed51ed74
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.=
8.04.1_powerpc.deb
Size/MD5: 110910 aec0ff1c13d10e5a4240e9e228e17476
http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.0=
4.1_powerpc.deb
Size/MD5: 85722 99aa4c03960bc31c1aa11b5c6dd3b78c
http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.0=
4.1_powerpc.deb
Size/MD5: 30130 fae12b25bb03ead975f0717a9a9ccf4f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/speex/libspeex-dev_1.1.12-3ubuntu0.=
8.04.1_sparc.deb
Size/MD5: 100536 bbe537676e242db9d9f032327a4ef82f
http://ports.ubuntu.com/pool/main/s/speex/libspeex1_1.1.12-3ubuntu0.8.0=
4.1_sparc.deb
Size/MD5: 79398 101308f94e0dcb27bd429eaab076927e
http://ports.ubuntu.com/pool/universe/s/speex/speex_1.1.12-3ubuntu0.8.0=
4.1_sparc.deb
Size/MD5: 26430 4203e6d8b4f6612d0ed2250a84970820
--HBg0C3yr6HVa1ZCc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFII19/W0JvuRdL8BoRAoJaAJ4wdty7SDjMufRaP/QdMfs4IBDp+gCglYl5
z/a/dzi0HJwC53mgrv6hYlw=
=jmUC
-----END PGP SIGNATURE-----
--HBg0C3yr6HVa1ZCc--