Oval Definition:oval:com.redhat.rhsa:def:20080235
Revision Date:2008-04-16Version:637
Title:RHSA-2008:0235: speex security update (Important)
Description:Speex is a patent-free compression format designed especially for speech. The Speex package contains a library for handling Speex files and sample encoder and decoder implementations using this library.

  • The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686)

    All users of speex are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2008-1686
    RHSA-2008:0235
    RHSA-2008:0235-01
    RHSA-2008:0235-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • speex is earlier than 0:1.0.4-4.el4_6.1
  • AND speex is signed with Red Hat redhatrelease2 key
  • speex-devel is earlier than 0:1.0.4-4.el4_6.1
  • AND speex-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • speex is earlier than 0:1.0.5-4.el5_1.1
  • AND speex is signed with Red Hat redhatrelease2 key
  • speex-devel is earlier than 0:1.0.5-4.el5_1.1
  • AND speex-devel is signed with Red Hat redhatrelease2 key
    • BACK