Mandriva Update For Libvorbis MDKSA-2007:167 (libvorbis) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.

Affected

libvorbis on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-3106, CVE-2007-4029

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:018 (tomcat5)
Mandrake Security Advisory MDVSA-2009:163 (tomcat5)
Mandrake Security Advisory MDVSA-2009:039 (gedit)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:123 (opensc)

Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)

Take action and discover your vulnerabilities