libvorbis security update

2012-02-1509:08:27

CentOS Project

lists.centos.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.885 High

EPSS

Percentile

98.7%

JSON

CentOS Errata and Security Advisory CESA-2012:0136

The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.

A heap-based buffer overflow flaw was found in the way the libvorbis
library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis
media file was opened by an application using libvorbis, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-0444)

Users of libvorbis should upgrade to these updated packages, which contain
a backported patch to correct this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-February/080596.html
https://lists.centos.org/pipermail/centos-announce/2012-February/080597.html
https://lists.centos.org/pipermail/centos-announce/2012-February/080598.html

Affected packages:
libvorbis
libvorbis-devel
libvorbis-devel-docs

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:0136

OSVersionArchitecturePackageVersionFilename
CentOS5i386libvorbis< 1.1.2-3.el5_7.6libvorbis-1.1.2-3.el5_7.6.i386.rpm
CentOS5i386libvorbis-devel< 1.1.2-3.el5_7.6libvorbis-devel-1.1.2-3.el5_7.6.i386.rpm
CentOS5i386libvorbis< 1.1.2-3.el5_7.6libvorbis-1.1.2-3.el5_7.6.i386.rpm
CentOS5x86_64libvorbis< 1.1.2-3.el5_7.6libvorbis-1.1.2-3.el5_7.6.x86_64.rpm
CentOS5i386libvorbis-devel< 1.1.2-3.el5_7.6libvorbis-devel-1.1.2-3.el5_7.6.i386.rpm
CentOS5x86_64libvorbis-devel< 1.1.2-3.el5_7.6libvorbis-devel-1.1.2-3.el5_7.6.x86_64.rpm
CentOS4i386libvorbis< 1.1.0-4.el4.5libvorbis-1.1.0-4.el4.5.i386.rpm
CentOS4i386libvorbis-devel< 1.1.0-4.el4.5libvorbis-devel-1.1.0-4.el4.5.i386.rpm
CentOS4i386libvorbis< 1.1.0-4.el4.5libvorbis-1.1.0-4.el4.5.i386.rpm
CentOS4x86_64libvorbis< 1.1.0-4.el4.5libvorbis-1.1.0-4.el4.5.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i386	libvorbis	< 1.1.2-3.el5_7.6	libvorbis-1.1.2-3.el5_7.6.i386.rpm
CentOS	5	i386	libvorbis-devel	< 1.1.2-3.el5_7.6	libvorbis-devel-1.1.2-3.el5_7.6.i386.rpm
CentOS	5	i386	libvorbis	< 1.1.2-3.el5_7.6	libvorbis-1.1.2-3.el5_7.6.i386.rpm
CentOS	5	x86_64	libvorbis	< 1.1.2-3.el5_7.6	libvorbis-1.1.2-3.el5_7.6.x86_64.rpm
CentOS	5	i386	libvorbis-devel	< 1.1.2-3.el5_7.6	libvorbis-devel-1.1.2-3.el5_7.6.i386.rpm
CentOS	5	x86_64	libvorbis-devel	< 1.1.2-3.el5_7.6	libvorbis-devel-1.1.2-3.el5_7.6.x86_64.rpm
CentOS	4	i386	libvorbis	< 1.1.0-4.el4.5	libvorbis-1.1.0-4.el4.5.i386.rpm
CentOS	4	i386	libvorbis-devel	< 1.1.0-4.el4.5	libvorbis-devel-1.1.0-4.el4.5.i386.rpm
CentOS	4	i386	libvorbis	< 1.1.0-4.el4.5	libvorbis-1.1.0-4.el4.5.i386.rpm
CentOS	4	x86_64	libvorbis	< 1.1.0-4.el4.5	libvorbis-1.1.0-4.el4.5.x86_64.rpm