Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200804-17 ] Speex: User-assisted execution of arbitrary code
Date: Thu, 17 Apr 2008 12:21:39
Message-Id: 200804171417.57556.rbu@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200804-17
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Speex: User-assisted execution of arbitrary code
9 Date: April 17, 2008
10 Bugs: #217715
11 ID: 200804-17
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Improper input validation in Speex might lead to array indexing
19 vulnerabilities in multiple player applications.
20
21 Background
22 ==========
23
24 Speex is an audio compression format designed for speech that is free
25 of patent restrictions.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-libs/speex < 1.2_beta3_p2 >= 1.2_beta3_p2
34
35 Description
36 ===========
37
38 oCERT reported that the Speex library does not properly validate the
39 "mode" value it derives from Speex streams, allowing for array indexing
40 vulnerabilities inside multiple player applications. Within Gentoo,
41 xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins,
42 vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found
43 to be vulnerable.
44
45 Impact
46 ======
47
48 A remote attacker could entice a user to open a specially crafted Speex
49 file or network stream with an application listed above. This might
50 lead to the execution of arbitrary code with privileges of the user
51 playing the file.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Speex users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot --verbose ">=media-libs/speex-1.2_beta3_p2"
65
66 References
67 ==========
68
69 [ 1 ] CVE-2008-1686
70 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
71
72 Availability
73 ============
74
75 This GLSA and any updates to it are available for viewing at
76 the Gentoo Security Website:
77
78 http://security.gentoo.org/glsa/glsa-200804-17.xml
79
80 Concerns?
81 =========
82
83 Security is a primary focus of Gentoo Linux and ensuring the
84 confidentiality and security of our users machines is of utmost
85 importance to us. Any security concerns should be addressed to
86 security@g.o or alternatively, you may file a bug at
87 http://bugs.gentoo.org.
88
89 License
90 =======
91
92 Copyright 2008 Gentoo Foundation, Inc; referenced text
93 belongs to its owner(s).
94
95 The contents of this document are licensed under the
96 Creative Commons - Attribution / Share Alike license.
97
98 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature