ID: CVE-2007-3106
Type: cve
Reporter: cve@mitre.org
Modified: 2018-10-16T16:47:00
Description
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.
{"openvas": [{"lastseen": "2017-07-26T08:55:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvorbis-devel\n libvorbis\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020539 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65361", "href": "http://plugins.openvas.org/nasl.php?oid=65361", "type": "openvas", "title": "SLES9: Security update for libvorbis", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020539.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libvorbis\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvorbis-devel\n libvorbis\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020539 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65361);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-3106\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for libvorbis\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0.1~56.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libvorbis-devel\n libvorbis\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020539 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065361", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065361", "type": "openvas", "title": "SLES9: Security update for libvorbis", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020539.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for libvorbis\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libvorbis-devel\n libvorbis\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020539 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65361\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-3106\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for libvorbis\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.0.1~56.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58824", "href": "http://plugins.openvas.org/nasl.php?oid=58824", "type": "openvas", "title": "FreeBSD Ports: libvorbis", "sourceData": "#\n#VID b73335a5-3bbe-11dc-8e83-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libvorbis\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.isecpartners.com/advisories/2007-003-libvorbis.txt\nhttp://www.vuxml.org/freebsd/b73335a5-3bbe-11dc-8e83-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58824);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-3106\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: libvorbis\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libvorbis\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.0,3\")<0) {\n txt += 'Package libvorbis version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "description": "Check for the Version of libvorbis", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861124", "href": "http://plugins.openvas.org/nasl.php?oid=861124", "type": "openvas", "title": "Fedora Update for libvorbis FEDORA-2007-677", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvorbis FEDORA-2007-677\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free,\n general-purpose compressed audio format for audio and music at fixed\n and variable bitrates from 16 to 128 kbps/channel.\n\n The libvorbis package contains runtime libraries for use in programs\n that support Ogg Voribs.\";\n\ntag_affected = \"libvorbis on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00495.html\");\n script_id(861124);\n script_version(\"$Revision: 6622 $\");\n script_cve_id(\"CVE-2007-3106\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-677\");\n script_name( \"Fedora Update for libvorbis FEDORA-2007-677\");\n\n script_summary(\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , 
value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/libvorbis-devel\", rpm:\"x86_64/libvorbis-devel~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/libvorbis-debuginfo\", rpm:\"x86_64/debug/libvorbis-debuginfo~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/libvorbis\", rpm:\"x86_64/libvorbis~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/libvorbis-devel\", rpm:\"i386/libvorbis-devel~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/libvorbis-debuginfo\", rpm:\"i386/debug/libvorbis-debuginfo~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/libvorbis\", rpm:\"i386/libvorbis~1.1.2~2.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-498-1", "modified": 
"2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840176", "href": "http://plugins.openvas.org/nasl.php?oid=840176", "type": "openvas", "title": "Ubuntu Update for libvorbis vulnerabilities USN-498-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_498_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for libvorbis vulnerabilities USN-498-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"David Thiel discovered that libvorbis did not correctly verify the size\n of certain headers, and did not correctly clean up a broken stream.\n If a user were tricked into processing a specially crafted Vorbis stream,\n a remote attacker could execute arbitrary code with the user's privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-498-1\";\ntag_affected = \"libvorbis vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-498-1/\");\n script_id(840176);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"498-1\");\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\");\n script_name( \"Ubuntu Update for libvorbis vulnerabilities USN-498-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvorbis-dev\", ver:\"1.1.2.dfsg-1.2ubuntu2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbis0a\", ver:\"1.1.2.dfsg-1.2ubuntu2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbisenc2\", ver:\"1.1.2.dfsg-1.2ubuntu2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbisfile3\", ver:\"1.1.2.dfsg-1.2ubuntu2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvorbis-dev\", ver:\"1.1.2-0ubuntu2.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbis0a\", ver:\"1.1.2-0ubuntu2.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbisenc2\", ver:\"1.1.2-0ubuntu2.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbisfile3\", ver:\"1.1.2-0ubuntu2.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvorbis-dev\", ver:\"1.1.2-1ubuntu1.2\", rls:\"UBUNTU6.10\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbis0a\", ver:\"1.1.2-1ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbisenc2\", ver:\"1.1.2-1ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvorbisfile3\", ver:\"1.1.2-1ubuntu1.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "description": "Check for the Version of libvorbis", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830314", "href": "http://plugins.openvas.org/nasl.php?oid=830314", "type": "openvas", "title": "Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libvorbis on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_insight = \"David Thiel discovered that libvorbis did not correctly verify the size\n of certain headers, and did not correctly clean up a broken stream.\n If a user were tricked into processing a specially crafted Vorbis\n stream, a remote attacker could possibly cause a denial of service\n or execute arbitrary code with the user's privileges.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-08/msg00011.php\");\n script_id(830314);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:167\");\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\");\n script_name( \"Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)\");\n\n script_summary(\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", 
\"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis0\", rpm:\"libvorbis0~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis0-devel\", rpm:\"libvorbis0-devel~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisenc2\", rpm:\"libvorbisenc2~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisfile3\", rpm:\"libvorbisfile3~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0\", rpm:\"lib64vorbis0~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0-devel\", rpm:\"lib64vorbis0-devel~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisenc2\", rpm:\"lib64vorbisenc2~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisfile3\", rpm:\"lib64vorbisfile3~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis0\", rpm:\"libvorbis0~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis0-devel\", rpm:\"libvorbis0-devel~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisenc2\", rpm:\"libvorbisenc2~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisfile3\", rpm:\"libvorbisfile3~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0\", rpm:\"lib64vorbis0~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0-devel\", rpm:\"lib64vorbis0-devel~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisenc2\", rpm:\"lib64vorbisenc2~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisfile3\", rpm:\"lib64vorbisfile3~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "description": "Check for the Version 
of libvorbis", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830314", "type": "openvas", "title": "Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libvorbis on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_insight = \"David Thiel discovered that libvorbis did not correctly verify the size\n of certain headers, and did not correctly clean up a broken stream.\n If a user were tricked into processing a specially crafted Vorbis\n stream, a remote attacker could possibly cause a denial of service\n or execute arbitrary code with the user's privileges.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-08/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830314\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:57:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:167\");\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\");\n script_name( \"Mandriva Update for libvorbis MDKSA-2007:167 (libvorbis)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis0\", rpm:\"libvorbis0~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis0-devel\", rpm:\"libvorbis0-devel~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisenc2\", rpm:\"libvorbisenc2~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisfile3\", rpm:\"libvorbisfile3~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0\", rpm:\"lib64vorbis0~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0-devel\", rpm:\"lib64vorbis0-devel~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisenc2\", rpm:\"lib64vorbisenc2~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisfile3\", 
rpm:\"lib64vorbisfile3~1.1.2~1.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis0\", rpm:\"libvorbis0~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis0-devel\", rpm:\"libvorbis0-devel~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisenc2\", rpm:\"libvorbisenc2~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbisfile3\", rpm:\"libvorbisfile3~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0\", rpm:\"lib64vorbis0~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbis0-devel\", rpm:\"lib64vorbis0-devel~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisenc2\", rpm:\"lib64vorbisenc2~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64vorbisfile3\", rpm:\"lib64vorbisfile3~1.1.2~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:54", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029"], "description": "The remote host is missing an update to libvorbis\nannounced via advisory DSA 1471-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-31T00:00:00", "id": "OPENVAS:60215", "href": "http://plugins.openvas.org/nasl.php?oid=60215", "type": "openvas", "title": "Debian Security Advisory DSA 1471-1 (libvorbis)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1471_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1471-1 (libvorbis)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were found in the the Vorbis General Audio\nCompression Codec, which may lead to denial of service or the\nexecution of arbitrary code, if a user is tricked into opening to\na malformed Ogg Audio file with an application linked against\nlibvorbis.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.dfsg-1.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.1.2.dfsg-1.3.\n\nFor the old stable distribution (sarge), these problems have been fixed\nin version 1.1.0-2.\n\nWe recommend that you upgrade your libvorbis packages.\";\ntag_summary = \"The remote host is missing an update to libvorbis\nannounced via advisory DSA 1471-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201471-1\";\n\n\nif(description)\n{\n script_id(60215);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-31 16:11:48 +0100 (Thu, 31 Jan 2008)\");\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4066\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1471-1 (libvorbis)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvorbis-dev\", ver:\"1.1.0-2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbisenc2\", ver:\"1.1.0-2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbis0a\", ver:\"1.1.0-2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbisfile3\", ver:\"1.1.0-2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbisfile3\", ver:\"1.1.2.dfsg-1.3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbis0a\", ver:\"1.1.2.dfsg-1.3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbisenc2\", ver:\"1.1.2.dfsg-1.3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvorbis-dev\", ver:\"1.1.2.dfsg-1.3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "description": "Oracle Linux Local Security Checks ELSA-2007-0845", "modified": "2018-09-28T00:00:00", 
"published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122662", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0845", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0845.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122662\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:31 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0845\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0845 - Important:libvorbis security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0845\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0845.html\");\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4065\", \"CVE-2007-4066\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.el5.0\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.el5.0\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:57:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "description": "Check for the Version of libvorbis", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861422", "href": "http://plugins.openvas.org/nasl.php?oid=861422", "type": "openvas", "title": "Fedora Update for 
libvorbis FEDORA-2007-1765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvorbis FEDORA-2007-1765\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free,\n general-purpose compressed audio format for audio and music at fixed\n and variable bitrates from 16 to 128 kbps/channel.\n\n The libvorbis package contains runtime libraries for use in programs\n that support Ogg Voribs.\";\n\ntag_affected = \"libvorbis on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00343.html\");\n script_id(861422);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 15:48:41 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", 
value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-1765\");\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4065\", \"CVE-2007-4066\", \"CVE-2007-4029\");\n script_name( \"Fedora Update for libvorbis FEDORA-2007-1765\");\n\n script_summary(\"Check for the Version of libvorbis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-debuginfo\", rpm:\"libvorbis-debuginfo~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis\", rpm:\"libvorbis~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvorbis-devel\", rpm:\"libvorbis-devel~1.1.2~3.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "cvelist": ["CVE-2007-3106"], "description": "## Solution Description\nUpgrade to version 1.2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/show_bug.cgi?id=245991\nVendor Specific News/Changelog Entry: https://trac.xiph.org/changeset/13160\nVendor Specific News/Changelog Entry: http://www.tellini.org/blog/archives/32-Music-Box-1.6.html\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/show_bug.cgi?id=249780\n[Secunia Advisory ID:26087](https://secuniaresearch.flexerasoftware.com/advisories/26087/)\n[Secunia Advisory ID:26865](https://secuniaresearch.flexerasoftware.com/advisories/26865/)\n[Secunia Advisory ID:27099](https://secuniaresearch.flexerasoftware.com/advisories/27099/)\n[Secunia Advisory ID:27170](https://secuniaresearch.flexerasoftware.com/advisories/27170/)\n[Secunia Advisory ID:26299](https://secuniaresearch.flexerasoftware.com/advisories/26299/)\n[Secunia Advisory ID:26232](https://secuniaresearch.flexerasoftware.com/advisories/26232/)\n[Secunia Advisory ID:26535](https://secuniaresearch.flexerasoftware.com/advisories/26535/)\n[Secunia Advisory ID:24923](https://secuniaresearch.flexerasoftware.com/advisories/24923/)\n[Secunia Advisory ID:27439](https://secuniaresearch.flexerasoftware.com/advisories/27439/)\n[Related OSVDB ID: 38677](https://vulners.com/osvdb/OSVDB:38677)\n[Related OSVDB ID: 
38676](https://vulners.com/osvdb/OSVDB:38676)\n[Related OSVDB ID: 38675](https://vulners.com/osvdb/OSVDB:38675)\nRedHat RHSA: RHSA-2007:0845\nRedHat RHSA: RHSA-2007:0912\nOther Advisory URL: http://archives.mandrivalinux.com/security-announce/2007-08/msg00011.php\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1590\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00009.html\nOther Advisory URL: http://www.isecpartners.com/advisories/2007-003-libvorbis.txt\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200710-03.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000218.html\nOther Advisory URL: http://www.tellini.org/blog/archives/32-Music-Box-1.6.html\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200710-03.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-498-1\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0311.html\nISS X-Force ID: 35622\nFrSIRT Advisory: ADV-2007-2698\nFrSIRT Advisory: ADV-2007-2760\n[CVE-2007-3106](https://vulners.com/cve/CVE-2007-3106)\nBugtraq ID: 25082\n", "edition": 1, "modified": "2007-07-25T17:19:46", "published": "2007-07-25T17:19:46", "href": "https://vulners.com/osvdb/OSVDB:38679", "id": "OSVDB:38679", "title": "libvorbis lib/info.c Invalid Blocksize Handling Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3106"], "description": "\nisecpartners reports:\n\nlibvorbis contains several vulnerabilities\n\t allowing heap overwrite, read violations and a function\n\t pointer overwrite. 
These bugs cause at least a denial\n\t of service, and potentially code execution.\n\n", "edition": 4, "modified": "2007-06-05T00:00:00", "published": "2007-06-05T00:00:00", "id": "B73335A5-3BBE-11DC-8E83-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/b73335a5-3bbe-11dc-8e83-0016179b2dd5.html", "title": "libvorbis -- Multiple memory corruption flaws", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T14:46:31", "description": "An array boundary problem within libvorbis was fixed. CVE-2007-3106\nhas been assigned to this issue.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : libvorbis (libvorbis-3850)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvorbis-32bit", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:libvorbis-devel", "p-cpe:/a:novell:opensuse:libvorbis"], "id": "SUSE_LIBVORBIS-3850.NASL", "href": "https://www.tenable.com/plugins/nessus/27335", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libvorbis-3850.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27335);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3106\");\n\n script_name(english:\"openSUSE 10 Security Update : libvorbis (libvorbis-3850)\");\n script_summary(english:\"Check for the libvorbis-3850 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"An array boundary problem within libvorbis was fixed. CVE-2007-3106\nhas been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvorbis-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif 
(ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"libvorbis-1.1.2-13.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"libvorbis-devel-1.1.2-13.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"libvorbis-32bit-1.1.2-13.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libvorbis-1.1.2-33\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libvorbis-devel-1.1.2-33\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"libvorbis-32bit-1.1.2-33\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:49:19", "description": "isecpartners reports :\n\nlibvorbis contains several vulnerabilities allowing heap overwrite,\nread violations and a function pointer overwrite. 
These bugs cause\nat least a denial of service, and potentially code execution.", "edition": 25, "published": "2007-07-27T00:00:00", "title": "FreeBSD : libvorbis -- Multiple memory corruption flaws (b73335a5-3bbe-11dc-8e83-0016179b2dd5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "modified": "2007-07-27T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libvorbis"], "id": "FREEBSD_PKG_B73335A53BBE11DC8E830016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/nessus/25786", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25786);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-3106\");\n\n script_name(english:\"FreeBSD : libvorbis -- Multiple memory corruption flaws (b73335a5-3bbe-11dc-8e83-0016179b2dd5)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"isecpartners reports :\n\nlibvorbis contains several vulnerabilities allowing heap overwrite,\nread violations and a function pointer overwrite. 
These bugs cause a\nat least a denial of service, and potentially code execution.\"\n );\n # http://www.isecpartners.com/advisories/2007-003-libvorbis.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nccgroup.trust/advisories/2007-003-libvorbis.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/b73335a5-3bbe-11dc-8e83-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f72c37fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libvorbis<1.2.0,3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:31", "description": "An array boundary problem within libvorbis was fixed. 
CVE-2007-3106\nhas been assigned to this issue.", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : libvorbis (ZYPP Patch Number 3849)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBVORBIS-3849.NASL", "href": "https://www.tenable.com/plugins/nessus/29513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29513);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3106\");\n\n script_name(english:\"SuSE 10 Security Update : libvorbis (ZYPP Patch Number 3849)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array boundary problem within libvorbis was fixed. 
CVE-2007-3106\nhas been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3106.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3849.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libvorbis-1.1.2-13.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libvorbis-devel-1.1.2-13.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"libvorbis-32bit-1.1.2-13.6\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:1, reference:\"libvorbis-1.1.2-13.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libvorbis-devel-1.1.2-13.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"libvorbis-32bit-1.1.2-13.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:45", "description": "David Thiel discovered that libvorbis did not correctly verify the\nsize of certain headers, and did not correctly clean up a broken\nstream. If a user were tricked into processing a specially crafted\nVorbis stream, a remote attacker could possibly cause a denial of\nservice or execute arbitrary code with the user's privileges.\n\nUpdate :\n\nDue to a packaging problem, the libvorbis development package was not\nable to be upgraded on Mandriva Linux 2007.1 This has been corrected\nwith this new update.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandrake Linux Security Advisory : libvorbis (MDKSA-2007:167-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64vorbisfile3", "p-cpe:/a:mandriva:linux:lib64vorbisenc2", "p-cpe:/a:mandriva:linux:lib64vorbis0-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:lib64vorbis0", "p-cpe:/a:mandriva:linux:libvorbis0", "p-cpe:/a:mandriva:linux:libvorbisfile3", "p-cpe:/a:mandriva:linux:libvorbisenc2", "p-cpe:/a:mandriva:linux:libvorbis0-devel"], "id": "MANDRAKE_MDKSA-2007-167.NASL", "href": "https://www.tenable.com/plugins/nessus/37080", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from 
Mandrake Linux Security Advisory MDKSA-2007:167. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37080);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\");\n script_bugtraq_id(25082);\n script_xref(name:\"MDKSA\", value:\"2007:167-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : libvorbis (MDKSA-2007:167-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"David Thiel discovered that libvorbis did not correctly verify the\nsize of certain headers, and did not correctly clean up a broken\nstream. If a user were tricked into processing a specially crafted\nVorbis stream, a remote attacker could possibly cause a denial of\nservice or execute arbitrary code with the user's privileges.\n\nUpdate :\n\nDue to a packaging problem, the libvorbis development package was not\nable to be upgraded on Mandriva Linux 2007.1 This has been corrected\nwith this new update.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vorbis0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64vorbis0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vorbisenc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vorbisfile3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvorbis0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvorbis0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvorbisenc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libvorbisfile3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64vorbis0-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif
(rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64vorbis0-devel-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64vorbisenc2-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64vorbisfile3-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libvorbis0-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libvorbis0-devel-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libvorbisenc2-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libvorbisfile3-1.1.2-1.2mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:01", "description": "David Thiel discovered that libvorbis did not correctly verify the\nsize of certain headers, and did not correctly clean up a broken\nstream. If a user were tricked into processing a specially crafted\nVorbis stream, a remote attacker could execute arbitrary code with the\nuser's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : libvorbis vulnerabilities (USN-498-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "modified": "2007-11-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libvorbis0a", "p-cpe:/a:canonical:ubuntu_linux:libvorbisenc2", "p-cpe:/a:canonical:ubuntu_linux:libvorbisfile3", "p-cpe:/a:canonical:ubuntu_linux:libvorbis-dev", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-498-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-498-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28101);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\");\n script_bugtraq_id(25082);\n script_xref(name:\"USN\", value:\"498-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : libvorbis vulnerabilities (USN-498-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"David Thiel discovered that libvorbis did not correctly verify the\nsize of certain headers, and did not correctly clean up a broken\nstream. If a user were tricked into processing a specially crafted\nVorbis stream, a remote attacker could execute arbitrary code with the\nuser's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/498-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbis-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbis0a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbisenc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvorbisfile3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libvorbis-dev\", pkgver:\"1.1.2-0ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libvorbis0a\", pkgver:\"1.1.2-0ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libvorbisenc2\", pkgver:\"1.1.2-0ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libvorbisfile3\", pkgver:\"1.1.2-0ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libvorbis-dev\", pkgver:\"1.1.2-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libvorbis0a\", pkgver:\"1.1.2-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libvorbisenc2\", pkgver:\"1.1.2-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libvorbisfile3\", pkgver:\"1.1.2-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libvorbis-dev\", pkgver:\"1.1.2.dfsg-1.2ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libvorbis0a\", pkgver:\"1.1.2.dfsg-1.2ubuntu2\")) flag++;\nif 
(ubuntu_check(osver:\"7.04\", pkgname:\"libvorbisenc2\", pkgver:\"1.1.2.dfsg-1.2ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libvorbisfile3\", pkgver:\"1.1.2.dfsg-1.2ubuntu2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis-dev / libvorbis0a / libvorbisenc2 / libvorbisfile3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:55", "description": "Several vulnerabilities were found in the Vorbis General Audio\nCompression Codec, which may lead to denial of service or the\nexecution of arbitrary code, if a user is tricked into opening a\nmalformed Ogg Audio file with an application linked against libvorbis.", "edition": 27, "published": "2008-01-27T00:00:00", "title": "Debian DSA-1471-1 : libvorbis - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029"], "modified": "2008-01-27T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:libvorbis"], "id": "DEBIAN_DSA-1471.NASL", "href": "https://www.tenable.com/plugins/nessus/30063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1471. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30063);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4066\");\n script_xref(name:\"DSA\", value:\"1471\");\n\n script_name(english:\"Debian DSA-1471-1 : libvorbis - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in the Vorbis General Audio\nCompression Codec, which may lead to denial of service or the\nexecution of arbitrary code, if a user is tricked into opening a\nmalformed Ogg Audio file with an application linked against libvorbis.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1471\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libvorbis packages.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.1.0-2.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.1.2.dfsg-1.3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libvorbis-dev\", reference:\"1.1.0-2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libvorbis0a\", reference:\"1.1.0-2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libvorbisenc2\", reference:\"1.1.0-2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libvorbisfile3\", reference:\"1.1.0-2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbis-dev\", reference:\"1.1.2.dfsg-1.3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbis0a\", reference:\"1.1.2.dfsg-1.3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbisenc2\", reference:\"1.1.2.dfsg-1.3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libvorbisfile3\", reference:\"1.1.2.dfsg-1.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:44:02", "description": "From Red Hat Security Advisory 2007:0845 :\n\nUpdated libvorbis packages to correct several security issues are now\navailable 
for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis package contains runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nSeveral flaws were found in the way libvorbis processed audio data. An\nattacker could create a carefully crafted OGG audio file in such a way\nthat it could cause an application linked with libvorbis to crash or\nexecute arbitrary code when it was opened. (CVE-2007-3106,\nCVE-2007-4029, CVE-2007-4065, CVE-2007-4066)\n\nUsers of libvorbis are advised to upgrade to this updated package,\nwhich contains backported patches that resolve these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : libvorbis (ELSA-2007-0845)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvorbis-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:libvorbis"], "id": "ORACLELINUX_ELSA-2007-0845.NASL", "href": "https://www.tenable.com/plugins/nessus/67560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0845 and \n# Oracle Linux Security Advisory ELSA-2007-0845 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67560);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4065\", \"CVE-2007-4066\");\n script_bugtraq_id(25082);\n script_xref(name:\"RHSA\",
value:\"2007:0845\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : libvorbis (ELSA-2007-0845)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0845 :\n\nUpdated libvorbis packages to correct several security issues are now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis package contains runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nSeveral flaws were found in the way libvorbis processed audio data. An\nattacker could create a carefully crafted OGG audio file in such a way\nthat it could cause an application linked with libvorbis to crash or\nexecute arbitrary code when it was opened.
(CVE-2007-3106,\nCVE-2007-4029, CVE-2007-4065, CVE-2007-4066)\n\nUsers of libvorbis are advised to upgrade to this updated package,\nwhich contains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000330.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000333.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000334.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libvorbis-1.0-8.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libvorbis-1.0-8.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libvorbis-devel-1.0-8.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libvorbis-devel-1.0-8.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libvorbis-1.1.0-2.el4.5\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libvorbis-1.1.0-2.el4.5\")) flag++;\nif 
(rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libvorbis-devel-1.1.0-2.el4.5\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libvorbis-devel-1.1.0-2.el4.5\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libvorbis-1.1.2-3.el5.0\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libvorbis-devel-1.1.2-3.el5.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis / libvorbis-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:53", "description": "Updated libvorbis packages to correct several security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis package contains runtime libraries for use in programs\nthat support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nSeveral flaws were found in the way libvorbis processed audio data. An\nattacker could create a carefully crafted OGG audio file in such a way\nthat it could cause an application linked with libvorbis to crash or\nexecute arbitrary code when it was opened.
(CVE-2007-3106,\nCVE-2007-4029, CVE-2007-4065, CVE-2007-4066)\n\nUsers of libvorbis are advised to upgrade to this updated package,\nwhich contains backported patches that resolve these issues.", "edition": 27, "published": "2007-10-12T00:00:00", "title": "RHEL 2.1 : libvorbis (RHSA-2007:0912)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "modified": "2007-10-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvorbis-devel", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:libvorbis"], "id": "REDHAT-RHSA-2007-0912.NASL", "href": "https://www.tenable.com/plugins/nessus/27035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0912. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27035);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4065\", \"CVE-2007-4066\");\n script_bugtraq_id(25082);\n script_xref(name:\"RHSA\", value:\"2007:0912\");\n\n script_name(english:\"RHEL 2.1 : libvorbis (RHSA-2007:0912)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libvorbis packages to correct several security issues are now\navailable for Red Hat Enterprise Linux 2.1\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libvorbis package contains runtime libraries for use in programs\nthat 
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,\npatent-and royalty-free, general-purpose compressed audio format.\n\nSeveral flaws were found in the way libvorbis processed audio data. An\nattacker could create a carefully crafted OGG audio file in such a way\nthat it could cause an application linked with libvorbis to crash or\nexecute arbitrary code when it was opened. (CVE-2007-3106,\nCVE-2007-4029, CVE-2007-4065, CVE-2007-4066)\n\nUsers of libvorbis are advised to upgrade to this updated package,\nwhich contains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0912\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvorbis and / or libvorbis-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\",
value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0912\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libvorbis-1.0rc2-7.el2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libvorbis-devel-1.0rc2-7.el2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis / libvorbis-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:04", "description": "Multiple security flaws were found in libvorbis. This updated package\nfixes them all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : libvorbis-1.1.2-3.fc7 (2007-1765)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "modified": "2007-11-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:libvorbis-devel", "p-cpe:/a:fedoraproject:fedora:libvorbis", "p-cpe:/a:fedoraproject:fedora:libvorbis-debuginfo"], "id": "FEDORA_2007-1765.NASL", "href": "https://www.tenable.com/plugins/nessus/27731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-1765.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27731);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4065\", \"CVE-2007-4066\");\n script_xref(name:\"FEDORA\", value:\"2007-1765\");\n\n script_name(english:\"Fedora 7 : libvorbis-1.1.2-3.fc7 (2007-1765)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security flaws were found in libvorbis. This updated package\nfixes them all.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003372.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22bcf75d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libvorbis, libvorbis-debuginfo and / or\nlibvorbis-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvorbis-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvorbis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) 
audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"libvorbis-1.1.2-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"libvorbis-debuginfo-1.1.2-3.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"libvorbis-devel-1.1.2-3.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis / libvorbis-debuginfo / libvorbis-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:15", "description": "The remote host is affected by the vulnerability described in GLSA-200710-03\n(libvorbis: Multiple vulnerabilities)\n\n David Thiel of iSEC Partners discovered a heap-based buffer overflow in\n the _01inverse() function in res0.c and a boundary checking error in\n the vorbis_info_clear() function in info.c (CVE-2007-3106 and\n CVE-2007-4029). libvorbis is also prone to several Denial of Service\n vulnerabilities in form of infinite loops and invalid memory access\n with unknown impact (CVE-2007-4065 and CVE-2007-4066).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities by enticing a\n user to open a specially crafted Ogg Vorbis file or network stream with\n an application using libvorbis. 
This might lead to the execution of\n arbitrary code with privileges of the user playing the file or a Denial\n of Service by a crash or CPU consumption.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2007-10-09T00:00:00", "title": "GLSA-200710-03 : libvorbis: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "modified": "2007-10-09T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libvorbis"], "id": "GENTOO_GLSA-200710-03.NASL", "href": "https://www.tenable.com/plugins/nessus/26943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200710-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26943);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-3106\", \"CVE-2007-4029\", \"CVE-2007-4065\", \"CVE-2007-4066\");\n script_xref(name:\"GLSA\", value:\"200710-03\");\n\n script_name(english:\"GLSA-200710-03 : libvorbis: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200710-03\n(libvorbis: Multiple vulnerabilities)\n\n David Thiel of iSEC Partners discovered a heap-based buffer overflow in\n the _01inverse() function in res0.c and a boundary checking error in\n the vorbis_info_clear() function in info.c (CVE-2007-3106 and\n CVE-2007-4029). libvorbis is also prone to several Denial of Service\n vulnerabilities in form of infinite loops and invalid memory access\n with unknown impact (CVE-2007-4065 and CVE-2007-4066).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities by enticing a\n user to open a specially crafted Ogg Vorbis file or network stream with\n an application using libvorbis. 
This might lead to the execution of\n arbitrary code with privileges of the user playing the file or a Denial\n of Service by a crash or CPU consumption.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200710-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libvorbis users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libvorbis-1.2.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libvorbis\", unaffected:make_list(\"ge 1.2.0\"), vulnerable:make_list(\"lt 
1.2.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:33:14", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "description": "David Thiel discovered that libvorbis did not correctly verify the size \nof certain headers, and did not correctly clean up a broken stream. \nIf a user were tricked into processing a specially crafted Vorbis stream, \na remote attacker could execute arbitrary code with the user's privileges.", "edition": 6, "modified": "2007-08-16T00:00:00", "published": "2007-08-16T00:00:00", "id": "USN-498-1", "href": "https://ubuntu.com/security/notices/USN-498-1", "title": "libvorbis vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-3106", "CVE-2007-4029"], "description": "No description provided", "edition": 1, "modified": "2007-07-27T00:00:00", "published": "2007-07-27T00:00:00", "id": "SECURITYVULNS:VULN:7984", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7984", "title": "libvorbis library multiple memory corruptions", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:23:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1471-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 21, 2008 
http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libvorbis\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-3106 CVE-2007-4029 CVE-2007-4066\n\nSeveral vulnerabilities were found in the the Vorbis General Audio\nCompression Codec, which may lead to denial of service or the\nexecution of arbitrary code, if a user is tricked into opening to\na malformed Ogg Audio file with an application linked against\nlibvorbis.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.dfsg-1.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.1.2.dfsg-1.3.\n\nFor the old stable distribution (sarge), these problems have been fixed\nin version 1.1.0-2.\n\nWe recommend that you upgrade your libvorbis packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.1 (oldstable)\n- ----------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.0-2.dsc\n Size/MD5 checksum: 680 b5ec6d8d0c0ff4685c78590293477e4b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.0.orig.tar.gz\n Size/MD5 checksum: 1312404 bb764aeabde613d1a424a29b1f15e7e6\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.0-2.diff.gz\n Size/MD5 checksum: 10367 29d9172717dad2dec0c9cc19ba17ea1e\n\nalpha architecture 
(DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_alpha.deb\n Size/MD5 checksum: 523394 8c3eff010d1e788aeb07e83ce339a7e2\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_alpha.deb\n Size/MD5 checksum: 102930 4d137d5bca89b5e631b9680cb5cff7ec\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_alpha.deb\n Size/MD5 checksum: 117260 a316f6d6d54f5660dde2c0c098b187fe\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_alpha.deb\n Size/MD5 checksum: 19658 ffc4a16a404c4816c1d0aaef05bf8f08\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_amd64.deb\n Size/MD5 checksum: 102438 6173f2016d1ea737d18cfccc63a0c20b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_amd64.deb\n Size/MD5 checksum: 486120 6c3e44f512fb6616fda5f2a4a6da7f0f\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_amd64.deb\n Size/MD5 checksum: 99786 06369a2e7c39661f1be42f92fbf6edeb\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_amd64.deb\n Size/MD5 checksum: 17294 94eecd33afe32351d8f50abb89318bf9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_arm.deb\n Size/MD5 checksum: 485678 4dba38c91f4f5be70b607bfb19c84d13\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_arm.deb\n Size/MD5 checksum: 81320 103674a7f35ea423637830892e109219\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_arm.deb\n Size/MD5 checksum: 97096 bc6e7342d9d42e1d7b5dd33d0bf2e090\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_arm.deb\n Size/MD5 checksum: 18314 97e2b61223b6dadc426d41f47a7631bb\n\nhppa architecture (HP PA RISC)\n\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_hppa.deb\n Size/MD5 checksum: 97976 6912b808e469447464d9fc761b2a8fad\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_hppa.deb\n Size/MD5 checksum: 113080 a6abab0886d26925be5faac1ed53e8b5\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_hppa.deb\n Size/MD5 checksum: 22728 669a38c0ac05806f3b6c1756dfb640c1\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_hppa.deb\n Size/MD5 checksum: 496120 3207fd8896ac3d3f3ea428a0c17be98a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_i386.deb\n Size/MD5 checksum: 467764 342adc98e7c2b0e9f3983a706f6a221a\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_i386.deb\n Size/MD5 checksum: 95384 e3e0b031eee3ca107d74babc72582dbe\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_i386.deb\n Size/MD5 checksum: 81508 a356e52746d5c2d5208173620a2842f0\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_i386.deb\n Size/MD5 checksum: 19048 9e699a221a3fb782bae0ae3fc917537f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_ia64.deb\n Size/MD5 checksum: 25012 d3ec22c380848764f06c00820882a90d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_ia64.deb\n Size/MD5 checksum: 546198 fc3fb09f478c907035e74aa9aa5fdb80\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_ia64.deb\n Size/MD5 checksum: 108276 3f9f6ab4fa645b6fcfb73f28c4686db9\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_ia64.deb\n Size/MD5 checksum: 143578 ba49e14d0e3e4323e90287fd1a67e2ff\n\nm68k architecture (Motorola Mc680x0)\n\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_m68k.deb\n Size/MD5 checksum: 93068 b2f02b9d46617c9988515a442ec4e3cd\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_m68k.deb\n Size/MD5 checksum: 454680 647dddb5f7a803c68d702e27a6c88bd3\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_m68k.deb\n Size/MD5 checksum: 16048 630c76007d54b25a1d85bfb2f3eeb600\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_m68k.deb\n Size/MD5 checksum: 87350 64d0c6b554d0056f6fe18f54923a7f57\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_mips.deb\n Size/MD5 checksum: 91426 008a8a3f55a169c4c3c7aa7ffb5d14ac\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_mips.deb\n Size/MD5 checksum: 500658 4da1c9ef73472d84ecb58e6ad176600e\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_mips.deb\n Size/MD5 checksum: 107856 dfb55fbb3e5a197f7ea1e6468dd383b4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_mips.deb\n Size/MD5 checksum: 21396 f46d920692b1e2fbc6d41d9ea561c7aa\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_mipsel.deb\n Size/MD5 checksum: 87934 347cea10f6b0eb47bf05cb45889c634b\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_mipsel.deb\n Size/MD5 checksum: 496002 f7a8c365dc8dc284410dccf1381545f8\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_mipsel.deb\n Size/MD5 checksum: 21290 5f6cb4fb14862908de9945b4cc42c7d4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_mipsel.deb\n Size/MD5 checksum: 107728 d6d6ee14d134b99be53555063c07ca8d\n\npowerpc architecture (PowerPC)\n\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_powerpc.deb\n Size/MD5 checksum: 111098 c9f7f8827f0944cac84f0a97bbd2d621\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_powerpc.deb\n Size/MD5 checksum: 22482 465ecb55f6dda90f34d7dd6d5e633a96\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_powerpc.deb\n Size/MD5 checksum: 88080 d0eb2b48650d77d32ed6616e4cabf121\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_powerpc.deb\n Size/MD5 checksum: 492882 0f305d4a191b1bf746f867d785d0cef2\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_s390.deb\n Size/MD5 checksum: 94944 b5218e1329b320265c0a6488aecb1edd\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_s390.deb\n Size/MD5 checksum: 20452 1c644fa0f5fd426c078c85336b67fa48\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_s390.deb\n Size/MD5 checksum: 103420 cdd1b9852ff808075ec93d14de016e87\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_s390.deb\n Size/MD5 checksum: 476036 7e5a6de0959c3145396b59368dea2d15\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_sparc.deb\n Size/MD5 checksum: 84788 45371ad7069c908482cefc7273b702e1\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_sparc.deb\n Size/MD5 checksum: 104638 3c212a95142245aab5b154f370d8dc00\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_sparc.deb\n Size/MD5 checksum: 19100 e48ca578a53022388e8652e321832c6d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_sparc.deb\n Size/MD5 checksum: 481096 a0d59beb8a891859b8706f08f9fd7018\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates 
are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.3.dsc\n Size/MD5 checksum: 787 514e1b39b9020ec71b598a86ecd7a98a\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.3.diff.gz\n Size/MD5 checksum: 15113 6d5a52ab761bee984f8a3bf4824c1da2\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz\n Size/MD5 checksum: 1312540 44cf09fef7f78e7c6ba7dd63b6137412\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_alpha.deb\n Size/MD5 checksum: 19096 0dcf6327ba9b509e647c4be6b51d53b8\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_alpha.deb\n Size/MD5 checksum: 110222 1fb68f00dd1481c49174fa4a80f3c4a9\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_alpha.deb\n Size/MD5 checksum: 94302 851d716fc4c4b3d91b25d866322c115d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_alpha.deb\n Size/MD5 checksum: 491324 97fa5a25df211846ee4a0860866dc79b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_amd64.deb\n Size/MD5 checksum: 17672 fc04a950b05fe113f68cbfd52cb1a109\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_amd64.deb\n Size/MD5 checksum: 468464 eea9a1080f935cffa8b9c6882a689562\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_amd64.deb\n Size/MD5 checksum: 101280 2cadb9c30b35e1911f24e4f412771609\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_amd64.deb\n Size/MD5 checksum: 93380 8ee0edfb1e54619e4792e1e576023007\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_arm.deb\n Size/MD5 checksum: 18400 a6ba31fcb2029588d3379d1cc32fa827\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_arm.deb\n Size/MD5 checksum: 458464 025a4197b18bafb76ad61bc7b2f9020f\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_arm.deb\n Size/MD5 checksum: 75618 3baf64d2cac4b46e2aeabb161c41ef96\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_arm.deb\n Size/MD5 checksum: 98014 925b37a8bbaba844fd55d9412504e6dd\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_hppa.deb\n Size/MD5 checksum: 21864 6299858cfeac23c4fdf8b50fe19a5055\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_hppa.deb\n Size/MD5 checksum: 107898 210d6ccdf1d312456ac698441e134499\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_hppa.deb\n Size/MD5 checksum: 478190 a6a13ce484870ad2be4d1199f4cfea6c\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_hppa.deb\n Size/MD5 checksum: 92302 bc1256dfc82401a89715cbb0f536a068\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_i386.deb\n Size/MD5 checksum: 75208 6988a44b88cecade073a6904c493e8b4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_i386.deb\n Size/MD5 checksum: 97908 4ff2cbd6cd9acbbee79f14e15d48adc7\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_i386.deb\n Size/MD5 checksum: 18756 278dc87b1e3486ea3a991bf0d3abf058\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_i386.deb\n Size/MD5 checksum: 446560 580e82ae5823628b6ee7ecd2a5cc8f7c\n\nia64 
architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_ia64.deb\n Size/MD5 checksum: 135808 fd00f7dbc72f06a3a625f5ab86c1628a\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_ia64.deb\n Size/MD5 checksum: 509904 d64bea2db1579d23a32dbd2a3ac5c0a0\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_ia64.deb\n Size/MD5 checksum: 97890 5c97da453c7af293c6c102d30ae54f0d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_ia64.deb\n Size/MD5 checksum: 24586 bae98ac866b58083b5e154678a1ad234\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_mips.deb\n Size/MD5 checksum: 20856 26f3af2b815946ba3b9aab9cc5471817\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_mips.deb\n Size/MD5 checksum: 104964 e34611f618e661b477904a30c08e10f2\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_mips.deb\n Size/MD5 checksum: 475854 159c69cbf16e2781f26f797457ab26f4\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_mips.deb\n Size/MD5 checksum: 81264 4941d0ef2aab217179c220d3b3c6809f\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_mipsel.deb\n Size/MD5 checksum: 104794 861941107d1de71fea1bd9dca3a73ab6\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_mipsel.deb\n Size/MD5 checksum: 20826 fde0cd2f795760ff887b45c7deeccfa0\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_mipsel.deb\n Size/MD5 checksum: 76810 8f344d1542af05528d6ef544a20746c2\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_mipsel.deb\n Size/MD5 
checksum: 469012 4e6244b874bd316d21f1146ffdd24a48\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_powerpc.deb\n Size/MD5 checksum: 82406 83e476ad98c021d4171dea3f2b890c4e\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_powerpc.deb\n Size/MD5 checksum: 21250 0b7c4c9e2cc832498042146d9bb86ce1\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_powerpc.deb\n Size/MD5 checksum: 105586 152558d69c414909c9304b7364434632\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_powerpc.deb\n Size/MD5 checksum: 475066 4009ab198413d5d9560601493c4ce58a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_s390.deb\n Size/MD5 checksum: 452610 126f4ebea934f53c8f1f903e344cd125\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_s390.deb\n Size/MD5 checksum: 20796 10e68f73a8f106482ab4684e1c234779\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_s390.deb\n Size/MD5 checksum: 90424 e654e4abb4e94b4afb944fed2bf9eb9d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_s390.deb\n Size/MD5 checksum: 102356 52990c6d17a0a270d6c4b27045492521\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_sparc.deb\n Size/MD5 checksum: 98022 d395d89cb57397b6d911ebaed73d878d\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_sparc.deb\n Size/MD5 checksum: 79658 8cdc39339ca1f94c097aa241cd2da860\n http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_sparc.deb\n Size/MD5 checksum: 453244 99e5fafaab83e9249aad89aa8194f79c\n 
\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-01-21T18:06:38", "published": "2008-01-21T18:06:38", "id": "DEBIAN:DSA-1471-1:FE687", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00031.html", "title": "[SECURITY] [DSA 1471-1] New libvorbis packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-07-17T03:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0845\n\n\nThe libvorbis package contains runtime libraries for use in programs that\r\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\r\nroyalty-free, general-purpose compressed audio format.\r\n\r\nSeveral flaws were found in the way libvorbis processed audio data. An\r\nattacker could create a carefully crafted OGG audio file in such a way that\r\nit could cause an application linked with libvorbis to crash or execute\r\narbitrary code when it was opened. 
(CVE-2007-3106, CVE-2007-4029,\r\nCVE-2007-4065, CVE-2007-4066)\r\n\r\nUsers of libvorbis are advised to upgrade to this updated package, which\r\ncontains backported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026243.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026244.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026247.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026248.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026249.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026250.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026259.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026260.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026263.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026264.html\n\n**Affected packages:**\nlibvorbis\nlibvorbis-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0845.html", "edition": 5, "modified": "2007-09-21T10:54:53", "published": "2007-09-19T17:46:48", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/026243.html", "id": "CESA-2007:0845", "title": "libvorbis security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:29:35", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0912-01\n\n\nThe libvorbis package contains runtime libraries for use in programs that\r\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\r\nroyalty-free, general-purpose compressed audio format.\r\n\r\nSeveral flaws were found in the way libvorbis processed audio data. 
An\r\nattacker could create a carefully crafted OGG audio file in such a way that\r\nit could cause an application linked with libvorbis to crash or execute\r\narbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029,\r\nCVE-2007-4065, CVE-2007-4066)\r\n\r\nUsers of libvorbis are advised to upgrade to this updated package, which\r\ncontains backported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/026340.html\n\n**Affected packages:**\nlibvorbis\nlibvorbis-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2007-10-15T02:00:31", "published": "2007-10-15T02:00:31", "href": "http://lists.centos.org/pipermail/centos-announce/2007-October/026340.html", "id": "CESA-2007:0912-01", "title": "libvorbis security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "description": " [1.0-8.el3]\n - Add 16 patches to fix various CVEs.\n - Resolves: #245995 ", "edition": 4, "modified": "2007-09-19T00:00:00", "published": "2007-09-19T00:00:00", "id": "ELSA-2007-0845", "href": "http://linux.oracle.com/errata/ELSA-2007-0845.html", "title": "Important:libvorbis security update ", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065", "CVE-2007-4066"], "description": "The libvorbis package contains runtime libraries for use in programs that\r\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\r\nroyalty-free, general-purpose compressed audio format.\r\n\r\nSeveral flaws were found in the way libvorbis processed audio data. 
An\r\nattacker could create a carefully crafted OGG audio file in such a way that\r\nit could cause an application linked with libvorbis to crash or execute\r\narbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029,\r\nCVE-2007-4065, CVE-2007-4066)\r\n\r\nUsers of libvorbis are advised to upgrade to this updated package, which\r\ncontains backported patches that resolve these issues.", "modified": "2018-03-14T19:28:01", "published": "2007-10-11T04:00:00", "id": "RHSA-2007:0912", "href": "https://access.redhat.com/errata/RHSA-2007:0912", "type": "redhat", "title": "(RHSA-2007:0912) Important: libvorbis security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065", "CVE-2007-4066"], "description": "The libvorbis package contains runtime libraries for use in programs that\r\nsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and\r\nroyalty-free, general-purpose compressed audio format.\r\n\r\nSeveral flaws were found in the way libvorbis processed audio data. An\r\nattacker could create a carefully crafted OGG audio file in such a way that\r\nit could cause an application linked with libvorbis to crash or execute\r\narbitrary code when it was opened. 
(CVE-2007-3106, CVE-2007-4029,\r\nCVE-2007-4065, CVE-2007-4066)\r\n\r\nUsers of libvorbis are advised to upgrade to this updated package, which\r\ncontains backported patches that resolve these issues.", "modified": "2017-09-08T12:13:51", "published": "2007-09-19T04:00:00", "id": "RHSA-2007:0845", "href": "https://access.redhat.com/errata/RHSA-2007:0845", "type": "redhat", "title": "(RHSA-2007:0845) Important: libvorbis security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4066", "CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065"], "description": "### Background\n\nlibvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. \n\n### Description\n\nDavid Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c (CVE-2007-3106 and CVE-2007-4029). libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact (CVE-2007-4065 and CVE-2007-4066). \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities by enticing a user to open a specially crafted Ogg Vorbis file or network stream with an application using libvorbis. This might lead to the execution of arbitrary code with privileges of the user playing the file or a Denial of Service by a crash or CPU consumption. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll libvorbis users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libvorbis-1.2.0\"", "edition": 1, "modified": "2007-10-07T00:00:00", "published": "2007-10-07T00:00:00", "id": "GLSA-200710-03", "href": "https://security.gentoo.org/glsa/200710-03", "type": "gentoo", "title": "libvorbis: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3106", "CVE-2007-4029", "CVE-2007-4065", "CVE-2007-4066"], "description": "Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis. ", "modified": "2007-08-24T05:38:37", "published": "2007-08-24T05:38:37", "id": "FEDORA:L7O5CITC029867", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: libvorbis-1.1.2-3.fc7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}