Articles / SuSE: New libvorbis package…

SuSE: New libvorbis packages fix security vulnerabilities

Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code. Updated packages are available from download.opensuse.org.

  openSUSE Security Update: libvorbis: fixed a heap based buffer overflow
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0319-1
Rating:             important
References:         #747912 
Cross-References:   CVE-2012-0444
Affected Products:
                   openSUSE 11.4
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  Specially crafted ogg files could cause a heap-based buffer
  overflow in the vorbis audio compression library that could
  potentially be exploited by attackers to cause a crash or
  execute arbitrary code (CVE-2012-0444).


Patch Instructions:

  To install this openSUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - openSUSE 11.4:

     zypper in -t patch libvorbis-5850

  To bring your system up-to-date, use "zypper patch".


Package List:

  - openSUSE 11.4 (i586 x86_64):

     libvorbis-devel-1.3.2-6.7.1
     libvorbis0-1.3.2-6.7.1
     libvorbisenc2-1.3.2-6.7.1
     libvorbisfile3-1.3.2-6.7.1

  - openSUSE 11.4 (x86_64):

     libvorbis0-32bit-1.3.2-6.7.1
     libvorbisenc2-32bit-1.3.2-6.7.1
     libvorbisfile3-32bit-1.3.2-6.7.1

  - openSUSE 11.4 (noarch):

     libvorbis-doc-1.3.2-6.7.1


References:

  http://support.novell.com/security/cve/CVE-2012-0444.html
  https://bugzilla.novell.com/747912
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.