===========================================================
Ubuntu Security Notice USN-611-2 May 08, 2008
vorbis-tools vulnerability
CVE-2008-1686
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
gstreamer-plugins-good <= 0.10.8
SDL_sound <= 1.0.1
Speex <= 1.1.12 (speexdec)
Sweep <= 0.9.2
vorbis-tools <= 1.2.0
VLC Media Player <= 0.8.6f
xine-lib <= 1.1.11.1
XMMS speex plugin
Fixed version:
Mandriva Linux Security Advisory MDVSA-2008:093
http://www.mandriva.com/security/
_______________________________________________________________________
Package : vorbis-tools
Date : April 29, 2008
Affected: 2008.0, 2008.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
oCERT reported that the Speex library does not properly validate the
"mode" value it derives from Speex streams, allowing for array indexing
vulnerabilities inside multiple player applications. Within Gentoo,
xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins,
vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found
to be vulnerable.
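
The missing range check described above, shown as an added example that is not code from Speex or from any of the listed players. The table, the function names, and the header layout (80 bytes, "Speex   " magic, mode field at offset 40) are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not libspeex code: a table of decoder modes that is
 * indexed by a number taken from the stream header. */
struct mode_desc { const char *name; int frame_size; };
#define NB_MODES 3
static const struct mode_desc mode_table[NB_MODES] = {
    { "narrowband", 160 }, { "wideband", 320 }, { "ultra-wideband", 640 },
};

/* Assumed layout: little-endian signed 32-bit mode field at offset 40. */
#define HDR_LEN  80
#define MODE_OFF 40

static int32_t read_le32(const unsigned char *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Flawed pattern: the stream-supplied value is used as an index with no
 * range check, so a negative or large mode lands outside the table. */
const struct mode_desc *select_mode_unchecked(const unsigned char *hdr)
{
    return &mode_table[read_le32(hdr + MODE_OFF)];
}

/* Hardened form: check length and magic, then reject any mode outside
 * [0, NB_MODES) before it is used as an index. NULL means "reject". */
const struct mode_desc *select_mode_checked(const unsigned char *hdr, size_t len)
{
    if (hdr == NULL || len < HDR_LEN || memcmp(hdr, "Speex   ", 8) != 0)
        return NULL;
    int32_t mode = read_le32(hdr + MODE_OFF);
    if (mode < 0 || mode >= NB_MODES)
        return NULL;
    return &mode_table[mode];
}

/* Builds a constructed sample header carrying the given mode value. */
void make_header(unsigned char out[HDR_LEN], int32_t mode)
{
    memset(out, 0, HDR_LEN);
    memcpy(out, "Speex   ", 8);
    for (int i = 0; i < 4; i++)
        out[MODE_OFF + i] = (unsigned char)((uint32_t)mode >> (8 * i));
}
```

A caller of the checked form must treat NULL as a malformed stream and stop decoding rather than fall back to a default mode.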
Impact
======