French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes Libvorbis Code Execution and DoS Issues

Title : Mandriva Security Update Fixes Libvorbis Code Execution and DoS Issues
Advisory ID : FrSIRT/ADV-2007-3460
CVE ID : CVE-2007-4065 - CVE-2007-4066
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-11

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

Multiple vulnerabilities have been identified in various Mandriva products, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :
Mandriva Linux 2007.0:
d41be27509ec3be88b202966d4a59550 2007.0/i586/libvorbis0-1.1.2-1.2mdv2007.0.i586.rpm
e75b4f86a4c5d58f77373d50fbea8768 2007.0/i586/libvorbis0-devel-1.1.2-1.2mdv2007.0.i586.rpm
23f95877a057ba9cec80183affdbcd26 2007.0/i586/libvorbisenc2-1.1.2-1.2mdv2007.0.i586.rpm
5f32c9d9d23d2cca8814ad11c6992695 2007.0/i586/libvorbisfile3-1.1.2-1.2mdv2007.0.i586.rpm
3307e950d4b3918d358e9b82df6001cf 2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
402d3b03c86b0137011d1e46b51c5882 2007.0/x86_64/lib64vorbis0-1.1.2-1.2mdv2007.0.x86_64.rpm
f2ac23af2f02fa7ae18eff8251a7187f 2007.0/x86_64/lib64vorbis0-devel-1.1.2-1.2mdv2007.0.x86_64.rpm
26edae58c4d13b1d3231eb5dc1560dac 2007.0/x86_64/lib64vorbisenc2-1.1.2-1.2mdv2007.0.x86_64.rpm
63e13185eeaa037dbc4fc583b85c0143 2007.0/x86_64/lib64vorbisfile3-1.1.2-1.2mdv2007.0.x86_64.rpm
3307e950d4b3918d358e9b82df6001cf 2007.0/SRPMS/libvorbis-1.1.2-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
f8d07dd2d52e2876abb97609b29c7dde 2007.1/i586/libvorbis0-1.1.2-1.3mdv2007.1.i586.rpm
3fec84f53226b408bba6dbd1e2cf4968 2007.1/i586/libvorbis0-devel-1.1.2-1.3mdv2007.1.i586.rpm
2901cdc64be56cb289b217ed1a05b8f1 2007.1/i586/libvorbisenc2-1.1.2-1.3mdv2007.1.i586.rpm
e98cb9e44e1f3067e1fb7d1620c5ef27 2007.1/i586/libvorbisfile3-1.1.2-1.3mdv2007.1.i586.rpm
cce00e65c8cbe511018f520bca49c6a7 2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
891d901f29fe9a1d0fd82e9b47d38122 2007.1/x86_64/lib64vorbis0-1.1.2-1.3mdv2007.1.x86_64.rpm
c6c00add1ff7bcc5e636e3ae2b4f5b30 2007.1/x86_64/lib64vorbis0-devel-1.1.2-1.3mdv2007.1.x86_64.rpm
510934712584a9578ed4a2a946870b06 2007.1/x86_64/lib64vorbisenc2-1.1.2-1.3mdv2007.1.x86_64.rpm
c52b5f4388c30d163f57144b882b3089 2007.1/x86_64/lib64vorbisfile3-1.1.2-1.3mdv2007.1.x86_64.rpm
cce00e65c8cbe511018f520bca49c6a7 2007.1/SRPMS/libvorbis-1.1.2-1.3mdv2007.1.src.rpm
Corporate 3.0:
cb5946414ffc05264f009a2dfb5cd5a4 corporate/3.0/i586/libvorbis0-1.0.1-4.2.C30mdk.i586.rpm
b94b5dd7b09be0920ad46691550e6d5f corporate/3.0/i586/libvorbis0-devel-1.0.1-4.2.C30mdk.i586.rpm
2499e5ee054d10dea6576ecc1e5a0b47 corporate/3.0/i586/libvorbisenc2-1.0.1-4.2.C30mdk.i586.rpm
d96e79ad3fa7183463d28e0e964625cb corporate/3.0/i586/libvorbisfile3-1.0.1-4.2.C30mdk.i586.rpm
6cd5308e5450210a1bd5ef1d75be045a corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
e8702d068c5780bb74aeeead7990cf1d corporate/3.0/x86_64/lib64vorbis0-1.0.1-4.2.C30mdk.x86_64.rpm
1839ae3b9df3a80728efefcd0d2c8924 corporate/3.0/x86_64/lib64vorbis0-devel-1.0.1-4.2.C30mdk.x86_64.rpm
6d503b73eb3997992a4a14686fa22bc2 corporate/3.0/x86_64/lib64vorbisenc2-1.0.1-4.2.C30mdk.x86_64.rpm
1fb747fa7937daf053ede6bf3c631e6b corporate/3.0/x86_64/lib64vorbisfile3-1.0.1-4.2.C30mdk.x86_64.rpm
6cd5308e5450210a1bd5ef1d75be045a corporate/3.0/SRPMS/libvorbis-1.0.1-4.2.C30mdk.src.rpm
Corporate 4.0:
3354475793ef4eb0489fab6cbbb66b4b corporate/4.0/i586/libvorbis0-1.1.1-1.2.20060mlcs4.i586.rpm
98795f48ac6f58fe0c085ccddbc8b013 corporate/4.0/i586/libvorbis0-devel-1.1.1-1.2.20060mlcs4.i586.rpm
ff749aafc57d36a7bea5d9911e1e0464 corporate/4.0/i586/libvorbisenc2-1.1.1-1.2.20060mlcs4.i586.rpm
f3c1ce534e434ccb18d8a20e8131f645 corporate/4.0/i586/libvorbisfile3-1.1.1-1.2.20060mlcs4.i586.rpm
a03a39326629aeac0b8089f16ac1669c corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
1fd83d033b447bbe31b382b6ef406b04 corporate/4.0/x86_64/lib64vorbis0-1.1.1-1.2.20060mlcs4.x86_64.rpm
7277ef1839ff508bb82c7cfdabd08bbc corporate/4.0/x86_64/lib64vorbis0-devel-1.1.1-1.2.20060mlcs4.x86_64.rpm
85982268bb38fee83857e3d43b81e857 corporate/4.0/x86_64/lib64vorbisenc2-1.1.1-1.2.20060mlcs4.x86_64.rpm
b2becf1d0654a3c7dc39d776ea06fef7 corporate/4.0/x86_64/lib64vorbisfile3-1.1.1-1.2.20060mlcs4.x86_64.rpm
a03a39326629aeac0b8089f16ac1669c corporate/4.0/SRPMS/libvorbis-1.1.1-1.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
4aeb3e14e502a4985045faa4b78a06e6 mnf/2.0/i586/libvorbis0-1.0.1-4.2.M20mdk.i586.rpm
d361415bee36020ea5b0b5fd42ccc260 mnf/2.0/i586/libvorbis0-devel-1.0.1-4.2.M20mdk.i586.rpm
7b9cf8d7bdf58bea8a77f05ffef744d3 mnf/2.0/i586/libvorbisenc2-1.0.1-4.2.M20mdk.i586.rpm
33e7c4ddc5a1cba04d0e238b2cbda192 mnf/2.0/i586/libvorbisfile3-1.0.1-4.2.M20mdk.i586.rpm
35f0157658f80c209b4bfd4557668aca mnf/2.0/SRPMS/libvorbis-1.0.1-4.2.M20mdk.src.rpm

ChangeLog

2007-10-11 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Cisco UCM SIP Remote Denial of Service

Cisco IOS Denial of Service and Security Bypass Vulnerabilities

Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities

Cisco Secure ACS EAP Remote Denial Of Service Vulnerability

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability

Microsoft Office OneNote URL Code Execution (MS08-055)

Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

Sun Solaris ACL UFS File Systems Denial of Service Vulnerability

Sun Solaris Text Editors Tag Files Local Code Execution Vulnerability

Sun Management Center Remote Denial of Service Vulnerability

Sun Solaris Bzip2 Archive Handling Denial of Service Vulnerability

Sun Solaris GNU Tar Headers Handling Buffer Overflow Vulnerability

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy