The libvorbis package contains runtime libraries for use in programs that
support Ogg Voribs. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.
Several flaws were found in the way libvorbis processed audio data. An
attacker could create a carefully crafted OGG audio file in such a way that
it could cause an application linked with libvorbis to crash or execute
arbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029,
CVE-2007-4065, CVE-2007-4066)
Users of libvorbis are advised to upgrade to this updated package, which
contains backported patches that resolve these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 2 | i386 | libvorbis | < 1.0rc2-7.el2 | libvorbis-1.0rc2-7.el2.i386.rpm |
RedHat | 2 | i386 | libvorbis-devel | < 1.0rc2-7.el2 | libvorbis-devel-1.0rc2-7.el2.i386.rpm |
RedHat | 2 | ia64 | libvorbis-devel | < 1.0rc2-7.el2 | libvorbis-devel-1.0rc2-7.el2.ia64.rpm |
RedHat | 2 | ia64 | libvorbis | < 1.0rc2-7.el2 | libvorbis-1.0rc2-7.el2.ia64.rpm |