Oval Definition:oval:com.redhat.rhsa:def:20070845
Revision Date:2008-03-20Version:637
Title:RHSA-2007:0845: libvorbis security update (Important)
Description:The libvorbis package contains runtime libraries for use in programs that support Ogg Voribs. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format.

  • Several flaws were found in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash or execute arbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066)

    Users of libvorbis are advised to upgrade to this updated package, which contains backported patches that resolve these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-3106
    CVE-2007-4029
    CVE-2007-4065
    CVE-2007-4066
    RHSA-2007:0845
    RHSA-2007:0845-03
    RHSA-2007:0845-03
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • libvorbis is earlier than 1:1.0-8.el3
  • AND libvorbis is signed with Red Hat master key
  • libvorbis-devel is earlier than 1:1.0-8.el3
  • AND libvorbis-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libvorbis-devel is earlier than 1:1.1.0-2.el4.5
  • AND libvorbis-devel is signed with Red Hat master key
  • libvorbis is earlier than 1:1.1.0-2.el4.5
  • AND libvorbis is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libvorbis is earlier than 1:1.1.2-3.el5.0
  • AND libvorbis is signed with Red Hat redhatrelease key
  • libvorbis-devel is earlier than 1:1.1.2-3.el5.0
  • AND libvorbis-devel is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • libvorbis is earlier than 1:1.0-8.el3
  • AND libvorbis is signed with Red Hat master key
  • libvorbis-devel is earlier than 1:1.0-8.el3
  • AND libvorbis-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libvorbis is earlier than 1:1.1.0-2.el4.5
  • AND libvorbis is signed with Red Hat master key
  • libvorbis-devel is earlier than 1:1.1.0-2.el4.5
  • AND libvorbis-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libvorbis is earlier than 1:1.1.2-3.el5.0
  • AND libvorbis is signed with Red Hat redhatrelease key
  • libvorbis-devel is earlier than 1:1.1.2-3.el5.0
  • AND libvorbis-devel is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libvorbis is earlier than 1:1.1.0-2.el4.5
  • AND libvorbis is signed with Red Hat redhatrelease2 key
  • libvorbis-devel is earlier than 1:1.1.0-2.el4.5
  • AND libvorbis-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libvorbis is earlier than 1:1.1.2-3.el5.0
  • AND libvorbis is signed with Red Hat redhatrelease2 key
  • libvorbis-devel is earlier than 1:1.1.2-3.el5.0
  • AND libvorbis-devel is signed with Red Hat redhatrelease2 key
    • BACK