Debian Security Advisory

DSA-1939-1 libvorbis -- several vulnerabilities

Date reported:
2009-11-24
Affected packages:
libvorbis
Vulnerable:
Yes
Security database references:
Debian bug tracking system: Bug 540958.
Mitre's CVE dictionary: CVE-2009-2663, CVE-2009-3379.
More information:

Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacker could exploit this flaw with a crafted .ogg file to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code.

For the oldstable distribution (etch), these problems have been fixed in version 1.1.2.dfsg-1.4+etch1.

For the stable distribution (lenny), these problems have been fixed in version 1.2.0.dfsg-3.1+lenny1.

For the testing distribution (squeeze) and the unstable distribution, these problems have been fixed in version 1.2.3-1.

We recommend that you upgrade your libvorbis packages immediately.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.diff.gz
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.dsc
Alpha:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_arm.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_hppa.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_i386.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_mips.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_mips.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_mips.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_s390.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.dsc
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.