French Security Incident Response Team

Mandriva Security Update Fixes Libvorbis Code Execution and DoS Vulnerabilities


Title : Mandriva Security Update Fixes Libvorbis Code Execution and DoS Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-2921
CVE ID : CVE-2007-3106 - CVE-2007-4029
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-21

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
0bfa4cc649993f774280778e3c58495f 2007.0/i586/libvorbis0-1.1.2-1.1mdv2007.0.i586.rpm
4b030b008428afe795321c7420952618 2007.0/i586/libvorbis0-devel-1.1.2-1.1mdv2007.0.i586.rpm
4041c5cc0add74ccb124aa15aa218592 2007.0/i586/libvorbisenc2-1.1.2-1.1mdv2007.0.i586.rpm
c58d053da7865572f41c18441c8c56d1 2007.0/i586/libvorbisfile3-1.1.2-1.1mdv2007.0.i586.rpm
15bad7c2b4bf8bdf8e6bcee7847111e4 2007.0/SRPMS/libvorbis-1.1.2-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
757ee33c7b37949c73409d35439b468a 2007.0/x86_64/lib64vorbis0-1.1.2-1.1mdv2007.0.x86_64.rpm
1312680e091c8253b2fb4eebdd8a43e2 2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.1mdv2007.0.x86_64.rpm
3fde1e05260a803dcbf7c3cd99327678 2007.0/x86_64/lib64vorbisenc2-1.1.2-1.1mdv2007.0.x86_64.rpm
30d835e56cd104b267637d746cd21dcd 2007.0/x86_64/lib64vorbisfile3-1.1.2-1.1mdv2007.0.x86_64.rpm
15bad7c2b4bf8bdf8e6bcee7847111e4 2007.0/SRPMS/libvorbis-1.1.2-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
338c7cd9a41b58f2a67314752d6fc78f 2007.1/i586/libvorbis0-1.1.2-1.1mdv2007.1.i586.rpm
a874c420d346f1f93a25c57d7b44de68 2007.1/i586/libvorbis0-devel-1.1.2-1.1mdv2007.1.i586.rpm
c356eb38131c845d4bc0b7467058f489 2007.1/i586/libvorbisenc2-1.1.2-1.1mdv2007.1.i586.rpm
b5be4af1bce5579c8b13eef29741230a 2007.1/i586/libvorbisfile3-1.1.2-1.1mdv2007.1.i586.rpm
19c41a0b80895c32ef4cfcfad049a90f 2007.1/SRPMS/libvorbis-1.1.2-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
bd4d2ae801b03613e04791c995bf3afc 2007.1/x86_64/lib64vorbis0-1.1.2-1.1mdv2007.1.x86_64.rpm
f8f29239115bf2a0dcd6efd4320f3d7a 2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.1mdv2007.1.x86_64.rpm
9b06895406cc6132e177388b99a876ba 2007.1/x86_64/lib64vorbisenc2-1.1.2-1.1mdv2007.1.x86_64.rpm
777b438ea72926805deaf657f578530d 2007.1/x86_64/lib64vorbisfile3-1.1.2-1.1mdv2007.1.x86_64.rpm
19c41a0b80895c32ef4cfcfad049a90f 2007.1/SRPMS/libvorbis-1.1.2-1.1mdv2007.1.src.rpm

Corporate 3.0:
2ab561a46d55e28a1f5c78b71fc67626 corporate/3.0/i586/libvorbis0-1.0.1-4.1.C30mdk.i586.rpm
bf0210f58ecacfbacf36347770e13eba corporate/3.0/i586/libvorbis0-devel-1.0.1-4.1.C30mdk.i586.rpm
588ed731da2fa7fa47440576f604be6a corporate/3.0/i586/libvorbisenc2-1.0.1-4.1.C30mdk.i586.rpm
3b08dea676c8a4b48a950fc7dba02318 corporate/3.0/i586/libvorbisfile3-1.0.1-4.1.C30mdk.i586.rpm
c6d49fda4888842c50f3ba37d02ad9b4 corporate/3.0/SRPMS/libvorbis-1.0.1-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
86c34e72a62eabd0b6bbad34e5bb558f corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.1.C30mdk.x86_64.rpm
9c873a72c1664175601e48bb01394876 corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.1.C30mdk.x86_64.rpm
c4cbbd31f9f5936a16c314cd4e9581ad corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.1.C30mdk.x86_64.rpm
84b8992786ba2df54fef7077d65207ab corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.1.C30mdk.x86_64.rpm
c6d49fda4888842c50f3ba37d02ad9b4 corporate/3.0/SRPMS/libvorbis-1.0.1-4.1.C30mdk.src.rpm

Corporate 4.0:
cc5f37360738c420d865218ab7ec031d corporate/4.0/i586/libvorbis0-1.1.1-1.1.20060mlcs4.i586.rpm
63111af08666d8b1f8468c86b78361cc corporate/4.0/i586/libvorbis0-devel-1.1.1-1.1.20060mlcs4.i586.rpm
0cc2a1d3a5ffafdde1b6a2ae85e0cd73 corporate/4.0/i586/libvorbisenc2-1.1.1-1.1.20060mlcs4.i586.rpm
2b0d86648b8efef6ca39c1675826c43b corporate/4.0/i586/libvorbisfile3-1.1.1-1.1.20060mlcs4.i586.rpm
8bfecd42db5df1e0588b8ccc115e930b corporate/4.0/SRPMS/libvorbis-1.1.1-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0f94de4c3754192f2cfda8a8b511835e corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.1.20060mlcs4.x86_64.rpm
3fdd695420f2acde7bdaa0a2173c3fd8 corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.1.20060mlcs4.x86_64.rpm
fbcb89b53aff9a67adec4287ef4a1ef2 corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.1.20060mlcs4.x86_64.rpm
2d6810940ebd6a3434d39f5aa6a5297e corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.1.20060mlcs4.x86_64.rpm
8bfecd42db5df1e0588b8ccc115e930b corporate/4.0/SRPMS/libvorbis-1.1.1-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
44164718fd13aea9c3a9b36b69b8727c mnf/2.0/i586/libvorbis0-1.0.1-4.1.M20mdk.i586.rpm
cf62f0f3376bcddb3d025d16238ff1d9 mnf/2.0/i586/libvorbis0-devel-1.0.1-4.1.M20mdk.i586.rpm
d62687627f764d222afc1a3bc2ecc1c3 mnf/2.0/i586/libvorbisenc2-1.0.1-4.1.M20mdk.i586.rpm
07d320206547edc9834f290c06818419 mnf/2.0/i586/libvorbisfile3-1.0.1-4.1.M20mdk.i586.rpm
f27ea3b094bb95cc9f03e444d193dd77 mnf/2.0/SRPMS/libvorbis-1.0.1-4.1.M20mdk.src.rpm

ChangeLog

2007-08-21 : Initial release


Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.


 
 
