[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 1585-1] New speex packages fix execution of arbitrary code



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1585-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
May 21, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : speex
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1686

It was discovered that speex, The Speex codec command line tools, did
not correctly did not correctly deal with negative offsets in a particular
header field.  This could allow a malicious file to execute arbitrary
code.

For the stable distribution (etch), this problem has been fixed in version
1.1.12-3etch1.

We recommend that you upgrade your speex package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12.orig.tar.gz
    Size/MD5 checksum:   740110 1bd6cdf3a0ebabf818cd72a3401e2610
  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.diff.gz
    Size/MD5 checksum:    16595 589686ba95740aa4a3e5549f985b2a1e
  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.dsc
    Size/MD5 checksum:      878 ab141143903f5ff0b32e42c413ba3bd5

Architecture independent packages:

  http://security.debian.org/pool/updates/main/s/speex/speex-doc_1.1.12-3etch1_all.deb
    Size/MD5 checksum:  1765026 9bda06707fdacf89ce47e3b16184da7e

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_alpha.deb
    Size/MD5 checksum:    87436 c3c2045fb8d07accaf2b04199fc5e07d
  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_alpha.deb
    Size/MD5 checksum:   127628 ae0d23d6542f4ec2b387d3e5129f072f
  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_alpha.deb
    Size/MD5 checksum:    27558 4aa4711d1ce23548ede4c7a2cf4d8d41

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_amd64.deb
    Size/MD5 checksum:    78802 f95d7ce2b1d4eb0d31ac136dc7f9bc42
  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_amd64.deb
    Size/MD5 checksum:    25840 e25a296956d4e4d64c800ac2bb9b9d52
  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_amd64.deb
    Size/MD5 checksum:   106064 e23d8bb042fea0fcb5e6bdbf320a8c9d

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_arm.deb
    Size/MD5 checksum:    25932 7cfea1ec2ae44fefa975ff298c6c0ad2
  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_arm.deb
    Size/MD5 checksum:    75946 c8dd3e44e83df61526816406f806cf52
  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_arm.deb
    Size/MD5 checksum:    93358 a75dee44feb184451b93b15025fe0481

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_i386.deb
    Size/MD5 checksum:    76400 e36b4b453a1c9810c7422c0e9174780e
  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_i386.deb
    Size/MD5 checksum:    25424 878ca5f27331a9fe214c070a058d432a
  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_i386.deb
    Size/MD5 checksum:    93212 3ae87c42c88ea0299e34d34e40f59adf

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mips.deb
    Size/MD5 checksum:    25778 3f5aa30bf033ebee2030d2df8da7ad01
  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mips.deb
    Size/MD5 checksum:    79550 8579afd56d4fa799b26f99a88697b594
  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mips.deb
    Size/MD5 checksum:   112552 afed5eb65aaa68d56b0ab1e8ceb7b9ab

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mipsel.deb
    Size/MD5 checksum:    25658 6bb7e6e3c8b96a19353548fe218986ae
  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mipsel.deb
    Size/MD5 checksum:   113464 b4400e5b439a92a73a37624ef39ec156
  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mipsel.deb
    Size/MD5 checksum:    79760 f4b7c5d4ee70b35d58a12d9e3d0aacba

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_sparc.deb
    Size/MD5 checksum:   100110 09ca9b0636b05f702d5460e95a0f2bbf
  http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_sparc.deb
    Size/MD5 checksum:    77984 d11112e21637cd910fd55202ac039dcb
  http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_sparc.deb
    Size/MD5 checksum:    25708 3403ccb0987b5e7bbf7c7d988d28b4bf


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFINGY5wM/Gs81MDZ0RAoBwAKDhWdpoIo0cclxV0w2VfZ0c7i94TQCffhPJ
etleTbIlHqjFXR3m+r2g1tE=
=04Fy
-----END PGP SIGNATURE-----


Reply to: