Red Hat Local Security Checks : RedHat Security Advisory RHSA-2008:0271

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60953

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2008:0271

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2008:0271.

The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and
royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way
libvorbis processed audio data. An attacker could create a carefully
crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash, or execute arbitrary code when it was
opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009)

Moreover, additional OGG file sanity-checks have been added to prevent
possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0271.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1419
BugTraq ID: 29206
http://www.securityfocus.com/bid/29206
Debian Security Information: DSA-1591 (Google Search)
http://www.debian.org/security/2008/dsa-1591
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html
http://security.gentoo.org/glsa/glsa-200806-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104
http://www.redhat.com/support/errata/RHSA-2008-0270.html
http://www.redhat.com/support/errata/RHSA-2008-0271.html
http://www.securitytracker.com/id?1020029
http://secunia.com/advisories/30234
http://secunia.com/advisories/30237
http://secunia.com/advisories/30247
http://secunia.com/advisories/30259
http://secunia.com/advisories/30479
http://secunia.com/advisories/30581
http://secunia.com/advisories/30820
http://secunia.com/advisories/32946
SuSE Security Announcement: SUSE-SR:2008:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://www.ubuntu.com/usn/USN-682-1
http://www.vupen.com/english/advisories/2008/1510/references
XForce ISS Database: libvorbis-ogg-bo(42397)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42397
XForce ISS Database: libvorbis-ogg-dos(42400)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42400
Common Vulnerability Exposure (CVE) ID: CVE-2008-1420
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500
http://secunia.com/advisories/36463
https://usn.ubuntu.com/825-1/
XForce ISS Database: libvorbis-residue-bo(42402)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42402
Common Vulnerability Exposure (CVE) ID: CVE-2008-1423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851
XForce ISS Database: libvorbis-quantvals-quantlist-bo(42403)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42403
Common Vulnerability Exposure (CVE) ID: CVE-2008-2009
1020029
30247
ADV-2008-1510
RHSA-2008:0271
USN-861-1
http://www.ubuntu.com/usn/USN-861-1
https://bugzilla.redhat.com/show_bug.cgi?id=444443
libvorbis-makedecodetree-dos(42521)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42521

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60953
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0271
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0271. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0271.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1419 BugTraq ID: 29206 http://www.securityfocus.com/bid/29206 Debian Security Information: DSA-1591 (Google Search) http://www.debian.org/security/2008/dsa-1591 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html http://security.gentoo.org/glsa/glsa-200806-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104 http://www.redhat.com/support/errata/RHSA-2008-0270.html http://www.redhat.com/support/errata/RHSA-2008-0271.html http://www.securitytracker.com/id?1020029 http://secunia.com/advisories/30234 http://secunia.com/advisories/30237 http://secunia.com/advisories/30247 http://secunia.com/advisories/30259 http://secunia.com/advisories/30479 http://secunia.com/advisories/30581 http://secunia.com/advisories/30820 http://secunia.com/advisories/32946 SuSE Security Announcement: SUSE-SR:2008:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://www.ubuntu.com/usn/USN-682-1 http://www.vupen.com/english/advisories/2008/1510/references XForce ISS Database: libvorbis-ogg-bo(42397) https://exchange.xforce.ibmcloud.com/vulnerabilities/42397 XForce ISS Database: libvorbis-ogg-dos(42400) https://exchange.xforce.ibmcloud.com/vulnerabilities/42400 Common Vulnerability Exposure (CVE) ID: CVE-2008-1420 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500 http://secunia.com/advisories/36463 https://usn.ubuntu.com/825-1/ XForce ISS Database: libvorbis-residue-bo(42402) https://exchange.xforce.ibmcloud.com/vulnerabilities/42402 Common Vulnerability Exposure (CVE) ID: CVE-2008-1423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851 XForce ISS Database: libvorbis-quantvals-quantlist-bo(42403) https://exchange.xforce.ibmcloud.com/vulnerabilities/42403 Common Vulnerability Exposure (CVE) ID: CVE-2008-2009 1020029 30247 ADV-2008-1510 RHSA-2008:0271 USN-861-1 http://www.ubuntu.com/usn/USN-861-1 https://bugzilla.redhat.com/show_bug.cgi?id=444443 libvorbis-makedecodetree-dos(42521) https://exchange.xforce.ibmcloud.com/vulnerabilities/42521
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com