[USN-611-2] vorbis-tools vulnerability
Date: Thu, 8 May 2008 17:11:42 -0400
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-611-2] vorbis-tools vulnerability
Message-ID: <20080508211142.GN9973@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="WuedheRyq6FDfQ9j"
Content-Disposition: inline
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-Virus-Scanned: antivirus-gw at tyumen.ru
--WuedheRyq6FDfQ9j
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-611-2 May 08, 2008
vorbis-tools vulnerability
CVE-2008-1686
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
vorbis-tools 1.1.1-3ubuntu0.1
Ubuntu 7.04:
vorbis-tools 1.1.1-6ubuntu0.1
Ubuntu 7.10:
vorbis-tools 1.1.1-13ubuntu0.1
Ubuntu 8.04 LTS:
vorbis-tools 1.1.1-15ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for ogg123, part of vorbis-tools.
Original advisory details:
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-3ubuntu0.1.diff.gz
Size/MD5: 29084 20fb2753a882cb5770c352cd957f41c1
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-3ubuntu0.1.dsc
Size/MD5: 826 d40b247eda78ab928d2501e538c91b2d
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1.orig.tar.gz
Size/MD5: 950614 6b4c7fea98b2cd12bef440d42fdfb2f1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-3ubuntu0.1_amd64.deb
Size/MD5: 107424 4fa2d0ff3ac663e039679bc3f947118e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-3ubuntu0.1_i386.deb
Size/MD5: 92986 294efb535da9ff1dda7bc8d881e9d46e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-3ubuntu0.1_powerpc.deb
Size/MD5: 109956 70ffe2ed8d86419387a15d77e589eef4
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-3ubuntu0.1_sparc.deb
Size/MD5: 95528 35e5d78f7b692863232e45e555da35b2
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-6ubuntu0.1.diff.gz
Size/MD5: 31401 3c24fe5828a5790f7f724ae98467c1a7
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-6ubuntu0.1.dsc
Size/MD5: 859 28c969727377cf6f1591c3f1e9fe5cdb
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1.orig.tar.gz
Size/MD5: 950614 6b4c7fea98b2cd12bef440d42fdfb2f1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-6ubuntu0.1_amd64.deb
Size/MD5: 110322 d31b543e6a06d35e1b0297228660dcc1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-6ubuntu0.1_i386.deb
Size/MD5: 100934 56c48cb1157f2644fdc8954f07630b9e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-6ubuntu0.1_powerpc.deb
Size/MD5: 125222 ed7a79c193355330d500b322d6a256d0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-6ubuntu0.1_sparc.deb
Size/MD5: 102134 d0d3e30a89102d11ca88a656a5619978
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-13ubuntu0.1.diff.gz
Size/MD5: 40975 d7e5ba00f7629c843779ec00f50831e5
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-13ubuntu0.1.dsc
Size/MD5: 902 787ae85eff1f2533e68aa3b9377622a9
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1.orig.tar.gz
Size/MD5: 950614 6b4c7fea98b2cd12bef440d42fdfb2f1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-13ubuntu0.1_amd64.deb
Size/MD5: 108396 79fe314fab4f5e1afe658afece63d4f9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-13ubuntu0.1_i386.deb
Size/MD5: 99358 6a1222becc5ad41d8e26104c1770511d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-13u=
buntu0.1_lpia.deb
Size/MD5: 98500 44203df14c92be6ff616d71c3843ffe4
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-13ubuntu0.1_powerpc.deb
Size/MD5: 123072 bb20a39e83b5c5e80904b77abe35be0b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-13ubuntu0.1_sparc.deb
Size/MD5: 100534 00e0b3c6fc2aed27afda7db0573b1277
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-15ubuntu0.1.diff.gz
Size/MD5: 41129 adee01388a841943dfc773e69aa7c991
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-15ubuntu0.1.dsc
Size/MD5: 902 ced28a3a9262f207bf920767f2076c9d
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1.orig.tar.gz
Size/MD5: 950614 6b4c7fea98b2cd12bef440d42fdfb2f1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-15ubuntu0.1_amd64.deb
Size/MD5: 108286 fc09e3da4299f2d872307f4d560ac3fa
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/v/vorbis-tools/vorbis-tools=
_1.1.1-15ubuntu0.1_i386.deb
Size/MD5: 99124 80df06b6c861b4ff067b732ef7dd1714
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15u=
buntu0.1_lpia.deb
Size/MD5: 98766 8ed8a4db3d6c8e187082fc419b6f064a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15u=
buntu0.1_powerpc.deb
Size/MD5: 123398 ffad34172472d3a81afad2e4ad5b4814
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/v/vorbis-tools/vorbis-tools_1.1.1-15u=
buntu0.1_sparc.deb
Size/MD5: 100092 7f5f744ffacb4f27fb1b3ebfb3c86ea2
--WuedheRyq6FDfQ9j
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFII2yOW0JvuRdL8BoRAhTtAJ4rIYumeEIDYVZs9rxYAZ8QVFEg/QCeNJBe
GiQyh3XEL1MoV7wrwx6Iz40=
=Th50
-----END PGP SIGNATURE-----
--WuedheRyq6FDfQ9j--