Debian Security Advisory DSA 1471-1 (libvorbis) Network Vulnerability

Summary

The remote host is missing an update to libvorbis announced via advisory DSA 1471-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201471-1

Insight

Several vulnerabilities were found in the the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening to a malformed Ogg Audio file with an application linked against libvorbis. For the unstable distribution (sid), these problems have been fixed in version 1.2.0.dfsg-1. For the stable distribution (etch), these problems have been fixed in version 1.1.2.dfsg-1.3. For the old stable distribution (sarge), these problems have been fixed in version 1.1.0-2. We recommend that you upgrade your libvorbis packages.

Severity

Classification

CVE CVE-2007-3106, CVE-2007-4029, CVE-2007-4066
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1135-1 (libtunepimp)
Debian Security Advisory DSA 114-1 (gnujsp)
Debian Security Advisory DSA 1100-1 (wv2)
Debian Security Advisory DSA 1054-1 (tiff)
Debian Security Advisory DSA 010-1 (gnupg)

Take action and discover your vulnerabilities