Test ID:	1.3.6.1.4.1.25623.1.0.60952
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0270
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0270. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423) Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future. Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0270.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1419 BugTraq ID: 29206 http://www.securityfocus.com/bid/29206 Debian Security Information: DSA-1591 (Google Search) http://www.debian.org/security/2008/dsa-1591 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00247.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00256.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00243.html http://security.gentoo.org/glsa/glsa-200806-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10104 http://www.redhat.com/support/errata/RHSA-2008-0270.html http://www.redhat.com/support/errata/RHSA-2008-0271.html http://www.securitytracker.com/id?1020029 http://secunia.com/advisories/30234 http://secunia.com/advisories/30237 http://secunia.com/advisories/30247 http://secunia.com/advisories/30259 http://secunia.com/advisories/30479 http://secunia.com/advisories/30581 http://secunia.com/advisories/30820 http://secunia.com/advisories/32946 SuSE Security Announcement: SUSE-SR:2008:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://www.ubuntu.com/usn/USN-682-1 http://www.vupen.com/english/advisories/2008/1510/references XForce ISS Database: libvorbis-ogg-bo(42397) https://exchange.xforce.ibmcloud.com/vulnerabilities/42397 XForce ISS Database: libvorbis-ogg-dos(42400) https://exchange.xforce.ibmcloud.com/vulnerabilities/42400 Common Vulnerability Exposure (CVE) ID: CVE-2008-1420 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9500 http://secunia.com/advisories/36463 https://usn.ubuntu.com/825-1/ XForce ISS Database: libvorbis-residue-bo(42402) https://exchange.xforce.ibmcloud.com/vulnerabilities/42402 Common Vulnerability Exposure (CVE) ID: CVE-2008-1423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9851 XForce ISS Database: libvorbis-quantvals-quantlist-bo(42403) https://exchange.xforce.ibmcloud.com/vulnerabilities/42403
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.