Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 553
Alerts This Week
Warning Icon 1 553

openSUSE 11.4: 2012:0319-1 Critical: Libvorbis Buffer Overflow

opensuse
Calendar Grey March 1, 2012
Dist Opensuse Esm H88
openSUSE Security Patch for libvorbis fixes a severe buffer overflow vulnerability. Ensure your system is up to date via YaST or zypper commands.
An update that fixes one vulnerability is now available

Description

Specially crafted ogg files could cause a heap-based buffer

overflow in the vorbis audio compression library that could

potentially be exploited by attackers to cause a crash or

execute arbitrary code (CVE-2012-0444).

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch libvorbis-5850

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.4 (i586 x86_64):

libvorbis-devel-1.3.2-6.7.1

libvorbis0-1.3.2-6.7.1

libvorbisenc2-1.3.2-6.7.1

libvorbisfile3-1.3.2-6.7.1

- openSUSE 11.4 (x86_64):

libvorbis0-32bit-1.3.2-6.7.1

libvorbisenc2-32bit-1.3.2-6.7.1

libvorbisfile3-32bit-1.3.2-6.7.1

- openSUSE 11.4 (noarch):

libvorbis-doc-1.3.2-6.7.1

References

https://www.suse.com/security/cve/CVE-2012-0444.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2012:0319-1
Rating: important
Affected Products: openSUSE 11.4 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.