Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilit

From Giuseppe Iuculano@1:229/2 to All on Tue Nov 24 23:50:02 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1939-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano November 24, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : libvorbis
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
Debian bug : 540958
CVE Ids : CVE-2009-2663 CVE-2009-3379

Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered
that libvorbis, a library for the Vorbis general-purpose compressed
audio codec, did not correctly handle certain malformed ogg files. An
attacher could cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a crafted .ogg
file.

For the oldstable distribution (etch), these problems have been fixed in version 1.1.2.dfsg-1.4+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 1.2.0.dfsg-3.1+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.2.3-1

We recommend that you upgrade your libvorbis packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.diff.gz
Size/MD5 checksum: 17870 2e11d2c0176fd0a8e796e80667a681d8
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
Size/MD5 checksum: 1312540 44cf09fef7f78e7c6ba7dd63b6137412
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.dsc
Size/MD5 checksum: 808 2a9e6b4dcd72e8bc8cf956404a1fb7ca

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_alpha.deb
Size/MD5 checksum: 94682 9c20663d4f36265241830b388d90a455
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_alpha.deb
Size/MD5 checksum: 19440 7caafa303b7fa32f0a6192d6b75b9874
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_alpha.deb
Size/MD5 checksum: 110988 8751f9d236abbacaf14c7f5e5a57a078
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_alpha.deb
Size/MD5 checksum: 495658 681d35e8b06a6d0d8c37f7c9fb5325c8

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_amd64.deb
Size/MD5 checksum: 93808 ee1c37e468df9f96aa86ecf11a9c3050
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_amd64.deb
Size/MD5 checksum: 18018 767aa39de969e302a62a8b1968aa8c39
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_amd64.deb
Size/MD5 checksum: 102012 91d4ff0b056c721041ec925adb956623
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_amd64.deb
Size/MD5 checksum: 463556 431c01bc7bc69936fdc4d4c1d32c12eb

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_arm.deb
Size/MD5 checksum: 459034 52d059837ff4ec37205c65c952d10dfd
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_arm.deb
Size/MD5 checksum: 75992 33f262fdec3a52f4d6e5cebd3238f600
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_arm.deb
Size/MD5 checksum: 98776 7c24697b474af64e5a85625777d0bc8d
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_arm.deb
Size/MD5 checksum: 18776 c00e2fcb4e65aa26d8a9d2fda4a86c0c

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_hppa.deb
Size/MD5 checksum: 486808 97cee8dfb056da78638884749a4cd3bb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_hppa.deb
Size/MD5 checksum: 22180 97e127da32402398f9d3d073917aaf30
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_hppa.deb
Size/MD5 checksum: 108614 9e7b5f226060f6d492aa5a37830e8382
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_hppa.deb
Size/MD5 checksum: 92586 d768d0011d425413b5513cc6077c90cc

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_i386.deb
Size/MD5 checksum: 19096 ddf590ab7c51f75015815e7500c73c02
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_i386.deb
Size/MD5 checksum: 98656 d84b4ff35636254f8b79c4a1817a9f1b
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_i386.deb
Size/MD5 checksum: 455630 419e92bd2278385d2332485bfb5ec1c4
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_i386.deb
Size/MD5 checksum: 75688 8162e49e13fdd5f4f90b5e04737aef5b

ia64 architecture (Intel ia64)

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	144:18:11
Calls:	12,089
Calls today:	2
Files:	15,000
Messages:	6,517,490

[SECURITY] [DSA 1939-1] New libvorbis packages fix several vulnerabilit

Who's Online

Recent Visitors

System Info