Mandriva Update For Libvorbis MDVSA-2008:102 (libvorbis) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefuly crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitray code when opened (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423). The updated packages have been patched to correct these issues.

Affected

libvorbis on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1419, CVE-2008-1420, CVE-2008-1423

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:116 (gnutls)
Mandrake Security Advisory MDVSA-2009:021 (php)
Mandrake Security Advisory MDVSA-2009:150 (libtiff)
Mandrake Security Advisory MDVSA-2009:106 (libwmf)
Mandrake Security Advisory MDVSA-2009:005 (xterm)

Mandriva Update for libvorbis MDVSA-2008:102 (libvorbis)

Take action and discover your vulnerabilities