__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
libvorbis Security Update
[Red Hat RHSA-2008:0270-5]
May 15, 2008 20:00 GMT Number S-294
[REVISED 5 Jun 2008]
______________________________________________________________________________
PROBLEM: Several flaws werer reported in the way libvorbis processed
audio data.
PLATFORM: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3, v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS, ES, WS (v. 3, v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Debian GNU/Linux 4.0 (etch)
DAMAGE: Execute arbitrary code.
SOLUTION: Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY The risk is MEDIUM. An attacker could create a carefully
ASSESSMENT: crafted OGG audio file in such a way that it could cause an
application linked with libvorbis to crash, or execute
arbitrary code when it was opened.
______________________________________________________________________________
CVSS 2 BASE SCORE: 7.5
TEMPORAL SCORE: 5.9
VECTOR: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-294.shtml
ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0270.html
ADDITIONAL LINK: http://www.debian.org/security/2008/dsa-1591
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CVE-2008-1419 CVE-2008-1420 CVE-2008-1423
______________________________________________________________________________
REVISION HISTORY:
06/05/2008 - revised S-294 to add a link to Debian Security Advisory DSA-1591-1
for Debian GNU/Linux 4.0 (etch).
[***** Start Red Hat RHSA-2008:0270-5 *****]
Important: libvorbis security update
Advisory: RHSA-2008:0270-5
Type: Security Advisory
Severity: Important
Issued on: 2008-05-14
Last updated on: 2008-05-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080270.xml
CVEs (cve.mitre.org): CVE-2008-1419
CVE-2008-1420
CVE-2008-1423
Details
Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.
Will Drewry of the Google Security Team reported several flaws in the way
libvorbis processed audio data. An attacker could create a carefully
crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash, or execute arbitrary code when it was
opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423)
Moreover, additional OGG file sanity-checks have been added to prevent
possible exploitation of similar issues in the future.
Users of libvorbis are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Updated packages
RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------
IA-32:
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm 7a41c2b6e9ee016a4344b8836b638218
x86_64:
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm 7a41c2b6e9ee016a4344b8836b638218
libvorbis-devel-1.1.2-3.el5_1.2.x86_64.rpm 0358694d1c04a28dcd2944f89c513fb6
Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.0-10.el3.src.rpm 487d870492fb60ea1fa624f50b40975b
IA-32:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm 6de896c294690ea480a65dedde14a7e3
x86_64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm 57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm 25a8ad62ec1137f3163d2cfeeaa8cdbd
Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm 4ec9713d21f447711704b8ca57a23f85
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm 45394583ab67b47c6ccbce43730b9b7c
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm 412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm 8684f07c831784590e6cb2de3cd762d4
Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.1.2-3.el5_1.2.src.rpm 686ff9bc4cbbc09be1d350567e4514b2
IA-32:
libvorbis-1.1.2-3.el5_1.2.i386.rpm 3dc980580ada6f086d2728fe5f4478d1
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm 7a41c2b6e9ee016a4344b8836b638218
IA-64:
libvorbis-1.1.2-3.el5_1.2.ia64.rpm 60e122a0d6b8f96dff7d3d7d63af702f
libvorbis-devel-1.1.2-3.el5_1.2.ia64.rpm 24e57202c329a10fa9c2fe925d95fc2e
PPC:
libvorbis-1.1.2-3.el5_1.2.ppc.rpm 64be672303a653b9271eff9a04293c00
libvorbis-1.1.2-3.el5_1.2.ppc64.rpm 58c9d8f83ce0b9cc2d5977a663f8f5d2
libvorbis-devel-1.1.2-3.el5_1.2.ppc.rpm d9867a6925914570194dbb4aaf1fa549
libvorbis-devel-1.1.2-3.el5_1.2.ppc64.rpm 5c39857a2e89d271a4fe2c6f094b3bc8
s390x:
libvorbis-1.1.2-3.el5_1.2.s390.rpm 26b779dcacb9b744f69cd08c77799806
libvorbis-1.1.2-3.el5_1.2.s390x.rpm aee857165c97c694f3878b346838816c
libvorbis-devel-1.1.2-3.el5_1.2.s390.rpm 3a963fa5d4bf6c30f57753dc5912c13a
libvorbis-devel-1.1.2-3.el5_1.2.s390x.rpm ae4085ba3d03a3ba4e1d056736c7c35d
x86_64:
libvorbis-1.1.2-3.el5_1.2.i386.rpm 3dc980580ada6f086d2728fe5f4478d1
libvorbis-1.1.2-3.el5_1.2.x86_64.rpm 892a903e5e970fa1147b3314202a16f9
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm 7a41c2b6e9ee016a4344b8836b638218
libvorbis-devel-1.1.2-3.el5_1.2.x86_64.rpm 0358694d1c04a28dcd2944f89c513fb6
Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.0-10.el3.src.rpm 487d870492fb60ea1fa624f50b40975b
IA-32:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm 6de896c294690ea480a65dedde14a7e3
IA-64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.ia64.rpm 38f44a7d0af1600b46c8b4e3cc144444
libvorbis-devel-1.0-10.el3.ia64.rpm 70605d1d6b8492bd67295db79b58dc32
PPC:
libvorbis-1.0-10.el3.ppc.rpm e4db5c2876a94a74b70c16cc646cf42d
libvorbis-1.0-10.el3.ppc64.rpm 1d6fdb75c4560da7ac170d64d76b5d44
libvorbis-devel-1.0-10.el3.ppc.rpm 3dd0d16be54163cec5a02f5ac0820074
s390:
libvorbis-1.0-10.el3.s390.rpm 9f912975ad028d6af32129f6d294c52c
libvorbis-devel-1.0-10.el3.s390.rpm 8256633c1b7510768311e8590c30e0f9
s390x:
libvorbis-1.0-10.el3.s390.rpm 9f912975ad028d6af32129f6d294c52c
libvorbis-1.0-10.el3.s390x.rpm 7ff56ddaf3a011d6ee3964f3fbb4b346
libvorbis-devel-1.0-10.el3.s390x.rpm 005e5a1ad18b57dfe11af40fb44e25e7
x86_64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm 57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm 25a8ad62ec1137f3163d2cfeeaa8cdbd
Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm 4ec9713d21f447711704b8ca57a23f85
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm 45394583ab67b47c6ccbce43730b9b7c
IA-64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.ia64.rpm 64d1491d8a35a87334c05df441cebb51
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm 28a1816abce0854255ec8fd78e6d0218
PPC:
libvorbis-1.1.0-3.el4_6.1.ppc.rpm 9c839b5e1734e9f81c7c34e783c23433
libvorbis-1.1.0-3.el4_6.1.ppc64.rpm e81ff78e869d354cc0fc008b7eca8b01
libvorbis-devel-1.1.0-3.el4_6.1.ppc.rpm c24719967a2c0f15907410a0bbb7ad03
s390:
libvorbis-1.1.0-3.el4_6.1.s390.rpm f5302f2beefee615ca190e55fca5d5ff
libvorbis-devel-1.1.0-3.el4_6.1.s390.rpm af7bb6fee2935df7867733b66d9baff0
s390x:
libvorbis-1.1.0-3.el4_6.1.s390.rpm f5302f2beefee615ca190e55fca5d5ff
libvorbis-1.1.0-3.el4_6.1.s390x.rpm 6a51d56f961539b9d4a32a3c6068ce19
libvorbis-devel-1.1.0-3.el4_6.1.s390x.rpm 7f79f3f03b3761d18069f2cc4f00b78f
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm 412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm 8684f07c831784590e6cb2de3cd762d4
Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.1.2-3.el5_1.2.src.rpm 686ff9bc4cbbc09be1d350567e4514b2
IA-32:
libvorbis-1.1.2-3.el5_1.2.i386.rpm 3dc980580ada6f086d2728fe5f4478d1
x86_64:
libvorbis-1.1.2-3.el5_1.2.i386.rpm 3dc980580ada6f086d2728fe5f4478d1
libvorbis-1.1.2-3.el5_1.2.x86_64.rpm 892a903e5e970fa1147b3314202a16f9
Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.0-10.el3.src.rpm 487d870492fb60ea1fa624f50b40975b
IA-32:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm 6de896c294690ea480a65dedde14a7e3
IA-64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.ia64.rpm 38f44a7d0af1600b46c8b4e3cc144444
libvorbis-devel-1.0-10.el3.ia64.rpm 70605d1d6b8492bd67295db79b58dc32
x86_64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm 57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm 25a8ad62ec1137f3163d2cfeeaa8cdbd
Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm 4ec9713d21f447711704b8ca57a23f85
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm 45394583ab67b47c6ccbce43730b9b7c
IA-64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.ia64.rpm 64d1491d8a35a87334c05df441cebb51
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm 28a1816abce0854255ec8fd78e6d0218
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm 412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm 8684f07c831784590e6cb2de3cd762d4
Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.0-10.el3.src.rpm 487d870492fb60ea1fa624f50b40975b
IA-32:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm 6de896c294690ea480a65dedde14a7e3
IA-64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.ia64.rpm 38f44a7d0af1600b46c8b4e3cc144444
libvorbis-devel-1.0-10.el3.ia64.rpm 70605d1d6b8492bd67295db79b58dc32
x86_64:
libvorbis-1.0-10.el3.i386.rpm c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm 57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm 25a8ad62ec1137f3163d2cfeeaa8cdbd
Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm 4ec9713d21f447711704b8ca57a23f85
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm 45394583ab67b47c6ccbce43730b9b7c
IA-64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.ia64.rpm 64d1491d8a35a87334c05df441cebb51
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm 28a1816abce0854255ec8fd78e6d0218
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm 4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm 412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm 8684f07c831784590e6cb2de3cd762d4
(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
440700 - CVE-2008-1419 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
440706 - CVE-2008-1420 vorbis: integer overflow in partvals computation
440709 - CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
http://www.redhat.com/security/updates/classification/#important
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how
to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2008:0270-5 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
S-213: Nukedit 'email' Parameter Vulnerability
S-214: SurgeMail and WebMail 'Page' Command Vulnerability
S-215: Symantec Backup Exec Scheduler ActiveX Control Multiple Vulnerabilities
S-216: Juniper Networks Secure Access 2000 'rdremediate.cgi' Vulnerability
S-217: Drupal Multiple HTML Vulnerabilities
S-218: gd Security Update
S-219: Juniper Networks Secure Access 2000 Web Root Path Vulnerability
S-220: PHP-Nuke My_eGallery Module 'gid' Parameter Vulnerability
S-221: Learn2 STRunner ActiveX Control Vulnerabilities
S-222: Evolution Security Update