Test ID:	1.3.6.1.4.1.25623.1.0.59698
Category:	Fedora Local Security Checks
Title:	Fedora Core 7 FEDORA-2007-1765 (libvorbis)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libvorbis announced via advisory FEDORA-2007-1765. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Voribs. Update Information: Multiple security flaws were found in libvorbis. This updated package fixes them all. ChangeLog: * Thu Aug 9 2007 Behdad Esfahbod - 1:1.1.2-3 - Add 16 patches to fix various CVEs. - Resolves: #250599 References: [ 1 ] Bug #250599 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250599 [ 2 ] Bug #250612 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250612 [ 3 ] CVE-2007-3106 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106 [ 4 ] CVE-2007-4065 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065 [ 5 ] CVE-2007-4066 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066 [ 6 ] CVE-2007-4029 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029 Updated packages: 8204a40f1b7ccbd7cf5bcb0dc51b2d905e3d0610 libvorbis-debuginfo-1.1.2-3.fc7.ppc64.rpm 58c4358e726fc83558fd6f9cc9e767b589acfc61 libvorbis-1.1.2-3.fc7.ppc64.rpm de4364e38b5c9ccc0a6966895a146b76b829d240 libvorbis-devel-1.1.2-3.fc7.ppc64.rpm 6c2963632ead7cd39b5f203a0614e3ab3f13a537 libvorbis-debuginfo-1.1.2-3.fc7.i386.rpm 8a6639feaee1dcdbd9c747095decf032a3b6b3f8 libvorbis-devel-1.1.2-3.fc7.i386.rpm 1b58a7ff5ec4c317516d1e11c544e21ed3eaca84 libvorbis-1.1.2-3.fc7.i386.rpm 324005f6d60e1daef00c70d7924ca96d4f7ef4db libvorbis-debuginfo-1.1.2-3.fc7.x86_64.rpm 48b267dce16ab379a37cb3ff71c7c3209963ddf9 libvorbis-1.1.2-3.fc7.x86_64.rpm 098cc588ea7654e321a5ee3d15f109d35e030615 libvorbis-devel-1.1.2-3.fc7.x86_64.rpm b94e67b5fbf987ccc76cb44e4b5706c9511175c0 libvorbis-devel-1.1.2-3.fc7.ppc.rpm aa5a4f6b69440d29a26c6b01943d508a34738d97 libvorbis-debuginfo-1.1.2-3.fc7.ppc.rpm cba5e2b4b7cbb39166c81172bfd006080e6b57b2 libvorbis-1.1.2-3.fc7.ppc.rpm eafe9fd285a75964eb1ba44558c9ec7828f77f15 libvorbis-1.1.2-3.fc7.src.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/. Solution: Apply the appropriate updates. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-1765 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3106 20070726 libvorbis 1.1.2 - Multiple memory corruption flaws http://www.securityfocus.com/archive/1/474729/100/0/threaded 24923 http://secunia.com/advisories/24923 25082 http://www.securityfocus.com/bid/25082 26087 http://secunia.com/advisories/26087 26232 http://secunia.com/advisories/26232 26299 http://secunia.com/advisories/26299 26429 http://secunia.com/advisories/26429 26535 http://secunia.com/advisories/26535 26865 http://secunia.com/advisories/26865 27099 http://secunia.com/advisories/27099 28614 http://secunia.com/advisories/28614 ADV-2007-2698 http://www.vupen.com/english/advisories/2007/2698 ADV-2007-2760 http://www.vupen.com/english/advisories/2007/2760 DSA-1471 http://www.debian.org/security/2008/dsa-1471 GLSA-200710-03 http://security.gentoo.org/glsa/glsa-200710-03.xml MDKSA-2007:167-1 http://www.mandriva.com/security/advisories?name=MDKSA-2007:167-1 RHSA-2007:0845 http://www.redhat.com/support/errata/RHSA-2007-0845.html RHSA-2007:0912 http://www.redhat.com/support/errata/RHSA-2007-0912.html USN-498-1 http://www.ubuntu.com/usn/usn-498-1 http://www.isecpartners.com/advisories/2007-003-libvorbis.txt http://www.tellini.org/blog/archives/32-Music-Box-1.6.html https://bugzilla.redhat.com/show_bug.cgi?id=245991 https://bugzilla.redhat.com/show_bug.cgi?id=249780 https://issues.rpath.com/browse/RPL-1590 https://trac.xiph.org/changeset/13160 libvorbis-inverse-code-execution(35622) https://exchange.xforce.ibmcloud.com/vulnerabilities/35622 oval:org.mitre.oval:def:11449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11449 Common Vulnerability Exposure (CVE) ID: CVE-2007-4065 1018712 http://securitytracker.com/id?1018712 27170 http://secunia.com/advisories/27170 27439 http://secunia.com/advisories/27439 MDKSA-2007:194 http://www.mandriva.com/security/advisories?name=MDKSA-2007:194 SUSE-SR:2007:023 http://www.novell.com/linux/security/advisories/2007_23_sr.html http://svn.xiph.org/trunk/vorbis/CHANGES https://trac.xiph.org/changeset/13217 oval:org.mitre.oval:def:9173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9173 Common Vulnerability Exposure (CVE) ID: CVE-2007-4066 https://trac.xiph.org/changeset/13162 https://trac.xiph.org/changeset/13168 https://trac.xiph.org/changeset/13169 https://trac.xiph.org/changeset/13170 https://trac.xiph.org/changeset/13172 https://trac.xiph.org/changeset/13211 https://trac.xiph.org/changeset/13215 https://trac.xiph.org/ticket/300 https://trac.xiph.org/ticket/853 oval:org.mitre.oval:def:11453 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11453 Common Vulnerability Exposure (CVE) ID: CVE-2007-4029 libvorbis-blocksize-code-execution(35624) https://exchange.xforce.ibmcloud.com/vulnerabilities/35624 libvorbis-infoclear-code-execution(35623) https://exchange.xforce.ibmcloud.com/vulnerabilities/35623 oval:org.mitre.oval:def:10570 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10570
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.