[Frugalware-security] [ FSA-439 ] vorbis-tools
Miklos Vajna
vmiklos at frugalware.org
Mon May 5 14:45:54 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-439
Date: 2008-05-05
Package: vorbis-tools
Vulnerable versions: <= 1.1.1-3
Unaffected versions: >= 1.1.1-4kalgan1
Related bugreport: http://bugs.frugalware.org/task/3032
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Description
===========
A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header.
Successful exploitation may allow execution of arbitrary code.
Updated Packages
================
Check if you have vorbis-tools installed:
# pacman-g2 -Q vorbis-tools
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy vorbis-tools
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/439
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAkgfAYIACgkQZ7NElSD1Vhkb1gCePqK5KcEHpJAPxJWTMPq1Sr7/
U2UAoJJCzTGTc8hYVkh5MRmP7JzrGDv6
=5GTC
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list