Articles / Debian: New speex packages …

Debian: New speex packages fix execution of arbitrary code

It was discovered that speex, The Speex codec command line tools, did not correctly did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code. Fixed packages are available from security.debian.org.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1585-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
May 21, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : speex
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1686

It was discovered that speex, The Speex codec command line tools, did
not correctly did not correctly deal with negative offsets in a particular
header field.  This could allow a malicious file to execute arbitrary
code.

For the stable distribution (etch), this problem has been fixed in version
1.1.12-3etch1.

We recommend that you upgrade your speex package.


Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12.orig.tar.gz
   Size/MD5 checksum:   740110 1bd6cdf3a0ebabf818cd72a3401e2610
 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.diff.gz
   Size/MD5 checksum:    16595 589686ba95740aa4a3e5549f985b2a1e
 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.dsc
   Size/MD5 checksum:      878 ab141143903f5ff0b32e42c413ba3bd5

Architecture independent packages:

 http://security.debian.org/pool/updates/main/s/speex/speex-doc_1.1.12-3etch1_all.deb
   Size/MD5 checksum:  1765026 9bda06707fdacf89ce47e3b16184da7e

alpha architecture (DEC Alpha)

 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_alpha.deb
   Size/MD5 checksum:    87436 c3c2045fb8d07accaf2b04199fc5e07d
 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_alpha.deb
   Size/MD5 checksum:   127628 ae0d23d6542f4ec2b387d3e5129f072f
 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_alpha.deb
   Size/MD5 checksum:    27558 4aa4711d1ce23548ede4c7a2cf4d8d41

amd64 architecture (AMD x86_64 (AMD64))

 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_amd64.deb
   Size/MD5 checksum:    78802 f95d7ce2b1d4eb0d31ac136dc7f9bc42
 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_amd64.deb
   Size/MD5 checksum:    25840 e25a296956d4e4d64c800ac2bb9b9d52
 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_amd64.deb
   Size/MD5 checksum:   106064 e23d8bb042fea0fcb5e6bdbf320a8c9d

arm architecture (ARM)

 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_arm.deb
   Size/MD5 checksum:    25932 7cfea1ec2ae44fefa975ff298c6c0ad2
 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_arm.deb
   Size/MD5 checksum:    75946 c8dd3e44e83df61526816406f806cf52
 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_arm.deb
   Size/MD5 checksum:    93358 a75dee44feb184451b93b15025fe0481

i386 architecture (Intel ia32)

 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_i386.deb
   Size/MD5 checksum:    76400 e36b4b453a1c9810c7422c0e9174780e
 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_i386.deb
   Size/MD5 checksum:    25424 878ca5f27331a9fe214c070a058d432a
 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_i386.deb
   Size/MD5 checksum:    93212 3ae87c42c88ea0299e34d34e40f59adf

mips architecture (MIPS (Big Endian))

 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mips.deb
   Size/MD5 checksum:    25778 3f5aa30bf033ebee2030d2df8da7ad01
 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mips.deb
   Size/MD5 checksum:    79550 8579afd56d4fa799b26f99a88697b594
 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mips.deb
   Size/MD5 checksum:   112552 afed5eb65aaa68d56b0ab1e8ceb7b9ab

mipsel architecture (MIPS (Little Endian))

 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mipsel.deb
   Size/MD5 checksum:    25658 6bb7e6e3c8b96a19353548fe218986ae
 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mipsel.deb
   Size/MD5 checksum:   113464 b4400e5b439a92a73a37624ef39ec156
 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mipsel.deb
   Size/MD5 checksum:    79760 f4b7c5d4ee70b35d58a12d9e3d0aacba

sparc architecture (Sun SPARC/UltraSPARC)

 http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_sparc.deb
   Size/MD5 checksum:   100110 09ca9b0636b05f702d5460e95a0f2bbf
 http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_sparc.deb
   Size/MD5 checksum:    77984 d11112e21637cd910fd55202ac039dcb
 http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_sparc.deb
   Size/MD5 checksum:    25708 3403ccb0987b5e7bbf7c7d988d28b4bf


 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFINGY5wM/Gs81MDZ0RAoBwAKDhWdpoIo0cclxV0w2VfZ0c7i94TQCffhPJ
etleTbIlHqjFXR3m+r2g1tE=
=04Fy
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.