Debian Security Advisory DSA 1471-1 (libvorbis) Network Vulnerability

Summary

The remote host is missing an update to libvorbis announced via advisory DSA 1471-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201471-1

Insight

Several vulnerabilities were found in the the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening to a malformed Ogg Audio file with an application linked against libvorbis. For the unstable distribution (sid), these problems have been fixed in version 1.2.0.dfsg-1. For the stable distribution (etch), these problems have been fixed in version 1.1.2.dfsg-1.3. For the old stable distribution (sarge), these problems have been fixed in version 1.1.0-2. We recommend that you upgrade your libvorbis packages.

Severity

Classification

CVE CVE-2007-3106, CVE-2007-4029, CVE-2007-4066

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 004-1 (nano)
Debian Security Advisory DSA 1155-1 (sendmail)
Debian Security Advisory DSA 1010-1 (ilohamail)
Debian Security Advisory DSA 1062-1 (kphone)
Debian Security Advisory DSA 068-1 (openldap)

Take action and discover your vulnerabilities