Test ID:	1.3.6.1.4.1.25623.1.0.58507
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:167-1 (libvorbis)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libvorbis announced via advisory MDKSA-2007:167-1. David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges. Update: Due to a packaging problem, the libvorbis development package was not able to be upgraded on Mandriva Linux 2007.1 This has been corrected with this new update. Affected: 2007.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:167-1 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3106 20070726 libvorbis 1.1.2 - Multiple memory corruption flaws http://www.securityfocus.com/archive/1/474729/100/0/threaded 24923 http://secunia.com/advisories/24923 25082 http://www.securityfocus.com/bid/25082 26087 http://secunia.com/advisories/26087 26232 http://secunia.com/advisories/26232 26299 http://secunia.com/advisories/26299 26429 http://secunia.com/advisories/26429 26535 http://secunia.com/advisories/26535 26865 http://secunia.com/advisories/26865 27099 http://secunia.com/advisories/27099 28614 http://secunia.com/advisories/28614 ADV-2007-2698 http://www.vupen.com/english/advisories/2007/2698 ADV-2007-2760 http://www.vupen.com/english/advisories/2007/2760 DSA-1471 http://www.debian.org/security/2008/dsa-1471 GLSA-200710-03 http://security.gentoo.org/glsa/glsa-200710-03.xml MDKSA-2007:167-1 http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1 RHSA-2007:0845 http://www.redhat.com/support/errata/RHSA-2007-0845.html RHSA-2007:0912 http://www.redhat.com/support/errata/RHSA-2007-0912.html USN-498-1 http://www.ubuntu.com/usn/usn-498-1 http://www.isecpartners.com/advisories/2007-003-libvorbis.txt http://www.tellini.org/blog/archives/32-Music-Box-1.6.html https://bugzilla.redhat.com/show_bug.cgi?id=245991 https://bugzilla.redhat.com/show_bug.cgi?id=249780 https://issues.rpath.com/browse/RPL-1590 https://trac.xiph.org/changeset/13160 libvorbis-inverse-code-execution(35622) https://exchange.xforce.ibmcloud.com/vulnerabilities/35622 oval:org.mitre.oval:def:11449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449 Common Vulnerability Exposure (CVE) ID: CVE-2007-4029 1018712 http://securitytracker.com/id?1018712 27439 http://secunia.com/advisories/27439 SUSE-SR:2007:023 http://www.novell.com/linux/security/advisories/2007_23_sr.html libvorbis-blocksize-code-execution(35624) https://exchange.xforce.ibmcloud.com/vulnerabilities/35624 libvorbis-infoclear-code-execution(35623) https://exchange.xforce.ibmcloud.com/vulnerabilities/35623 oval:org.mitre.oval:def:10570 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.