Privacy and Legal Notice

CIAC INFORMATION BULLETIN

S-294: libvorbis Security Update

[Red Hat RHSA-2008:0270-5]

May 15, 2008 20:00 GMT
[REVISED 5 Jun 2008]
PROBLEM: Several flaws werer reported in the way libvorbis processed audio data.
PLATFORM: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3, v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS, ES, WS (v. 3, v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Debian GNU/Linux 4.0 (etch)
DAMAGE: Execute arbitrary code.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened.
CVSS 2 BASE SCORE:
   TEMPORAL SCORE:
   VECTOR:		 7.5
5.9
(AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-294.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0270.html
  ADDITIONAL LINK: http://www.debian.org/security/2008/dsa-1591
  CVE: CVE-2008-1419 CVE-2008-1420 CVE-2008-1423 
REVISION HISTORY:
06/05/2008 - revised S-294 to add a link to Debian Security Advisory DSA-1591-1
             for Debian GNU/Linux 4.0 (etch).




[***** Start Red Hat  RHSA-2008:0270-5 *****]

Important: libvorbis security update

Advisory: RHSA-2008:0270-5
Type: Security Advisory
Severity: Important
Issued on: 2008-05-14
Last updated on: 2008-05-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080270.xml
CVEs (cve.mitre.org): CVE-2008-1419
CVE-2008-1420
CVE-2008-1423

Details

Updated libvorbis packages that fix various security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way
libvorbis processed audio data. An attacker could create a carefully
crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash, or execute arbitrary code when it was
opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423)

Moreover, additional OGG file sanity-checks have been added to prevent
possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
IA-32:
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm     7a41c2b6e9ee016a4344b8836b638218
 
x86_64:
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm     7a41c2b6e9ee016a4344b8836b638218
libvorbis-devel-1.1.2-3.el5_1.2.x86_64.rpm     0358694d1c04a28dcd2944f89c513fb6
 
Red Hat Desktop (v. 3)
SRPMS:
libvorbis-1.0-10.el3.src.rpm     487d870492fb60ea1fa624f50b40975b
 
IA-32:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm     6de896c294690ea480a65dedde14a7e3
 
x86_64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm     57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm     25a8ad62ec1137f3163d2cfeeaa8cdbd
 
Red Hat Desktop (v. 4)
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm     4ec9713d21f447711704b8ca57a23f85
 
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm     45394583ab67b47c6ccbce43730b9b7c
 
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm     412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm     8684f07c831784590e6cb2de3cd762d4
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
libvorbis-1.1.2-3.el5_1.2.src.rpm     686ff9bc4cbbc09be1d350567e4514b2
 
IA-32:
libvorbis-1.1.2-3.el5_1.2.i386.rpm     3dc980580ada6f086d2728fe5f4478d1
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm     7a41c2b6e9ee016a4344b8836b638218
 
IA-64:
libvorbis-1.1.2-3.el5_1.2.ia64.rpm     60e122a0d6b8f96dff7d3d7d63af702f
libvorbis-devel-1.1.2-3.el5_1.2.ia64.rpm     24e57202c329a10fa9c2fe925d95fc2e
 
PPC:
libvorbis-1.1.2-3.el5_1.2.ppc.rpm     64be672303a653b9271eff9a04293c00
libvorbis-1.1.2-3.el5_1.2.ppc64.rpm     58c9d8f83ce0b9cc2d5977a663f8f5d2
libvorbis-devel-1.1.2-3.el5_1.2.ppc.rpm     d9867a6925914570194dbb4aaf1fa549
libvorbis-devel-1.1.2-3.el5_1.2.ppc64.rpm     5c39857a2e89d271a4fe2c6f094b3bc8
 
s390x:
libvorbis-1.1.2-3.el5_1.2.s390.rpm     26b779dcacb9b744f69cd08c77799806
libvorbis-1.1.2-3.el5_1.2.s390x.rpm     aee857165c97c694f3878b346838816c
libvorbis-devel-1.1.2-3.el5_1.2.s390.rpm     3a963fa5d4bf6c30f57753dc5912c13a
libvorbis-devel-1.1.2-3.el5_1.2.s390x.rpm     ae4085ba3d03a3ba4e1d056736c7c35d
 
x86_64:
libvorbis-1.1.2-3.el5_1.2.i386.rpm     3dc980580ada6f086d2728fe5f4478d1
libvorbis-1.1.2-3.el5_1.2.x86_64.rpm     892a903e5e970fa1147b3314202a16f9
libvorbis-devel-1.1.2-3.el5_1.2.i386.rpm     7a41c2b6e9ee016a4344b8836b638218
libvorbis-devel-1.1.2-3.el5_1.2.x86_64.rpm     0358694d1c04a28dcd2944f89c513fb6
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
libvorbis-1.0-10.el3.src.rpm     487d870492fb60ea1fa624f50b40975b
 
IA-32:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm     6de896c294690ea480a65dedde14a7e3
 
IA-64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.ia64.rpm     38f44a7d0af1600b46c8b4e3cc144444
libvorbis-devel-1.0-10.el3.ia64.rpm     70605d1d6b8492bd67295db79b58dc32
 
PPC:
libvorbis-1.0-10.el3.ppc.rpm     e4db5c2876a94a74b70c16cc646cf42d
libvorbis-1.0-10.el3.ppc64.rpm     1d6fdb75c4560da7ac170d64d76b5d44
libvorbis-devel-1.0-10.el3.ppc.rpm     3dd0d16be54163cec5a02f5ac0820074
 
s390:
libvorbis-1.0-10.el3.s390.rpm     9f912975ad028d6af32129f6d294c52c
libvorbis-devel-1.0-10.el3.s390.rpm     8256633c1b7510768311e8590c30e0f9
 
s390x:
libvorbis-1.0-10.el3.s390.rpm     9f912975ad028d6af32129f6d294c52c
libvorbis-1.0-10.el3.s390x.rpm     7ff56ddaf3a011d6ee3964f3fbb4b346
libvorbis-devel-1.0-10.el3.s390x.rpm     005e5a1ad18b57dfe11af40fb44e25e7
 
x86_64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm     57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm     25a8ad62ec1137f3163d2cfeeaa8cdbd
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm     4ec9713d21f447711704b8ca57a23f85
 
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm     45394583ab67b47c6ccbce43730b9b7c
 
IA-64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.ia64.rpm     64d1491d8a35a87334c05df441cebb51
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm     28a1816abce0854255ec8fd78e6d0218
 
PPC:
libvorbis-1.1.0-3.el4_6.1.ppc.rpm     9c839b5e1734e9f81c7c34e783c23433
libvorbis-1.1.0-3.el4_6.1.ppc64.rpm     e81ff78e869d354cc0fc008b7eca8b01
libvorbis-devel-1.1.0-3.el4_6.1.ppc.rpm     c24719967a2c0f15907410a0bbb7ad03
 
s390:
libvorbis-1.1.0-3.el4_6.1.s390.rpm     f5302f2beefee615ca190e55fca5d5ff
libvorbis-devel-1.1.0-3.el4_6.1.s390.rpm     af7bb6fee2935df7867733b66d9baff0
 
s390x:
libvorbis-1.1.0-3.el4_6.1.s390.rpm     f5302f2beefee615ca190e55fca5d5ff
libvorbis-1.1.0-3.el4_6.1.s390x.rpm     6a51d56f961539b9d4a32a3c6068ce19
libvorbis-devel-1.1.0-3.el4_6.1.s390x.rpm     7f79f3f03b3761d18069f2cc4f00b78f
 
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm     412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm     8684f07c831784590e6cb2de3cd762d4
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
libvorbis-1.1.2-3.el5_1.2.src.rpm     686ff9bc4cbbc09be1d350567e4514b2
 
IA-32:
libvorbis-1.1.2-3.el5_1.2.i386.rpm     3dc980580ada6f086d2728fe5f4478d1
 
x86_64:
libvorbis-1.1.2-3.el5_1.2.i386.rpm     3dc980580ada6f086d2728fe5f4478d1
libvorbis-1.1.2-3.el5_1.2.x86_64.rpm     892a903e5e970fa1147b3314202a16f9
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
libvorbis-1.0-10.el3.src.rpm     487d870492fb60ea1fa624f50b40975b
 
IA-32:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm     6de896c294690ea480a65dedde14a7e3
 
IA-64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.ia64.rpm     38f44a7d0af1600b46c8b4e3cc144444
libvorbis-devel-1.0-10.el3.ia64.rpm     70605d1d6b8492bd67295db79b58dc32
 
x86_64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm     57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm     25a8ad62ec1137f3163d2cfeeaa8cdbd
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm     4ec9713d21f447711704b8ca57a23f85
 
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm     45394583ab67b47c6ccbce43730b9b7c
 
IA-64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.ia64.rpm     64d1491d8a35a87334c05df441cebb51
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm     28a1816abce0854255ec8fd78e6d0218
 
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm     412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm     8684f07c831784590e6cb2de3cd762d4
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
libvorbis-1.0-10.el3.src.rpm     487d870492fb60ea1fa624f50b40975b
 
IA-32:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-devel-1.0-10.el3.i386.rpm     6de896c294690ea480a65dedde14a7e3
 
IA-64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.ia64.rpm     38f44a7d0af1600b46c8b4e3cc144444
libvorbis-devel-1.0-10.el3.ia64.rpm     70605d1d6b8492bd67295db79b58dc32
 
x86_64:
libvorbis-1.0-10.el3.i386.rpm     c3f278cc535e5499c8f9d54d2110bef7
libvorbis-1.0-10.el3.x86_64.rpm     57857d4e5f2bff381c538f9c3cf0c1e9
libvorbis-devel-1.0-10.el3.x86_64.rpm     25a8ad62ec1137f3163d2cfeeaa8cdbd
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
libvorbis-1.1.0-3.el4_6.1.src.rpm     4ec9713d21f447711704b8ca57a23f85
 
IA-32:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm     45394583ab67b47c6ccbce43730b9b7c
 
IA-64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.ia64.rpm     64d1491d8a35a87334c05df441cebb51
libvorbis-devel-1.1.0-3.el4_6.1.ia64.rpm     28a1816abce0854255ec8fd78e6d0218
 
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm     4e7520585b8ed2a81ba27f40e1327bf4
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm     412cde92f0de816f9d062811e03e4af8
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm     8684f07c831784590e6cb2de3cd762d4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

440700 - CVE-2008-1419 vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
440706 - CVE-2008-1420 vorbis: integer overflow in partvals computation
440709 - CVE-2008-1423 vorbis: integer oveflow caused by huge codebooks


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/


[***** End Red Hat  RHSA-2008:0270-5 *****]
CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
DOE-CIRC can be contacted at: 
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/