Debian Security Advisory DSA 1584-1 (libfishsound) Network Vulnerability

Summary

The remote host is missing an update to libfishsound announced via advisory DSA 1584-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201584-1

Insight

It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. For the stable distribution (etch), this problem has been fixed in version 0.7.0-2etch1. For the unstable distribution (sid), this problem has been fixed in version 0.7.0-2.2. We recommend that you upgrade your libfishsound package.

Severity

Classification

CVE CVE-2008-1686

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1037-1 (zgv)
Debian Security Advisory DSA 003-1 (joe)
Debian Security Advisory DSA 090-1 (xtel)
Debian Security Advisory DSA 1049-1 (ethereal)
Debian Security Advisory DSA 087-1 (wu-ftpd)

Take action and discover your vulnerabilities