Sicherheit: Zwei Probleme in libvorbis

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-50
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 15 Oct 2007
Last revised: 15 Oct 2005

Package: libvorbis

Summary: Denial of service

More information:
Libvorbis is a library for handling Ogg Vorbis, a fully open,
non-proprietary, patent-and-royalty-free, general-purpose compressed
audio format for audio and music at fixed and variable bitrates from
16 to 128 kbps/channel.

Remote attackers to execute arbitrary code.

Impact:
These vulnerabilities may allow remote attackers to execute arbitrary code.

Affected Products:
- wizpy
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server

<wizpy>

Source Packages
Size: MD5

libvorbis-1.0.1-5.src.rpm
1217179 12a20e2a9fd197847b91b4d488bace70

Binary Packages
Size: MD5

libvorbis-1.0.1-5.i386.rpm
164666 2187d87e3157c4224d3f9c149ce8c437

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

libvorbis-1.0.1-5.src.rpm
1217179 da51a4e7d4406c902619bf12747fb13b

Binary Packages
Size: MD5

libvorbis-1.0.1-5.i586.rpm
172088 0d307a74d04cede76c3277bac832a8ec
libvorbis-devel-1.0.1-5.i586.rpm
460348 2f98c84586f77b0897455eec98a27137

<Turbolinux FUJI>

Source Packages
Size: MD5

libvorbis-1.0.1-5.src.rpm
1217179 000917bd781f5beadab785103eeafd3e

Binary Packages
Size: MD5

libvorbis-1.0.1-5.i686.rpm
191787 887b65aaacfc65c4299f0601fcf81d19
libvorbis-devel-1.0.1-5.i686.rpm
500896 9858ddb1f6f46e640f3d249a6cb5862b

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

libvorbis-1.0.1-5.src.rpm
1217179 20afcb5c5af8e22c760461782514e46c

Binary Packages
Size: MD5

libvorbis-1.0.1-5.x86_64.rpm
184997 1a2230d2c0cf3f5252c907f76c9132f8
libvorbis-devel-1.0.1-5.x86_64.rpm
468137 a192472aa071cd08ec2d10db52991243

<Turbolinux 10 Server>

Source Packages
Size: MD5

libvorbis-1.0.1-5.src.rpm
1217179 da51a4e7d4406c902619bf12747fb13b

Binary Packages
Size: MD5

libvorbis-1.0.1-5.i586.rpm
172088 0d307a74d04cede76c3277bac832a8ec
libvorbis-devel-1.0.1-5.i586.rpm
460348 2f98c84586f77b0897455eec98a27137

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

libvorbis-1.0-3.src.rpm
747976 f6423e4ee3cc9d60f8f9bbc146872a08

Binary Packages
Size: MD5

libvorbis-1.0-3.i586.rpm
135126 56778cf851c59ae6e6e67cca2a2a928b

<Turbolinux 8 Server>

Source Packages
Size: MD5

libvorbis-1.0-3.src.rpm
747976 4af7e3457391d64e3fda563e3d30057e

Binary Packages
Size: MD5

libvorbis-1.0-3.i586.rpm
180398 63d5bdacb8972aecf46e4b77f53001e7
libvorbis-devel-1.0-3.i586.rpm
434918 d0f67faf4094ebbc1410f3e00d7a3518

References:

CVE
[CVE-2007-3106]
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
[CVE-2007-4029]
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029

--------------------------------------------------------------------------
Revision History
15 Oct 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHE0lYK0LzjOqIJMwRAoNcAJ99ewhA8d/ty0dAYPOtmeniqnSt9QCfdzNN
1WdY11uR6a7wXR1iAdB7WC4=
=4XN0
-----END PGP SIGNATURE-----