-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-50 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 15 Oct 2007 Last revised: 15 Oct 2005 Package: libvorbis Summary: Denial of service More information: Libvorbis is a library for handling Ogg Vorbis, a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. Remote attackers to execute arbitrary code. Impact: These vulnerabilities may allow remote attackers to execute arbitrary code. Affected Products: - wizpy - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server Source Packages Size: MD5 libvorbis-1.0.1-5.src.rpm 1217179 12a20e2a9fd197847b91b4d488bace70 Binary Packages Size: MD5 libvorbis-1.0.1-5.i386.rpm 164666 2187d87e3157c4224d3f9c149ce8c437 Source Packages Size: MD5 libvorbis-1.0.1-5.src.rpm 1217179 da51a4e7d4406c902619bf12747fb13b Binary Packages Size: MD5 libvorbis-1.0.1-5.i586.rpm 172088 0d307a74d04cede76c3277bac832a8ec libvorbis-devel-1.0.1-5.i586.rpm 460348 2f98c84586f77b0897455eec98a27137 Source Packages Size: MD5 libvorbis-1.0.1-5.src.rpm 1217179 000917bd781f5beadab785103eeafd3e Binary Packages Size: MD5 libvorbis-1.0.1-5.i686.rpm 191787 887b65aaacfc65c4299f0601fcf81d19 libvorbis-devel-1.0.1-5.i686.rpm 500896 9858ddb1f6f46e640f3d249a6cb5862b Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/libvorbis-1.0.1-5.src.rpm 1217179 20afcb5c5af8e22c760461782514e46c Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libvorbis-1.0.1-5.x86_64.rpm 184997 1a2230d2c0cf3f5252c907f76c9132f8 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/libvorbis-devel-1.0.1-5.x86_64.rpm 468137 a192472aa071cd08ec2d10db52991243 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libvorbis-1.0.1-5.src.rpm 1217179 da51a4e7d4406c902619bf12747fb13b Binary Packages Size: MD5 libvorbis-1.0.1-5.i586.rpm 172088 0d307a74d04cede76c3277bac832a8ec libvorbis-devel-1.0.1-5.i586.rpm 460348 2f98c84586f77b0897455eec98a27137 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libvorbis-1.0-3.src.rpm 747976 f6423e4ee3cc9d60f8f9bbc146872a08 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libvorbis-1.0-3.i586.rpm 135126 56778cf851c59ae6e6e67cca2a2a928b Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libvorbis-1.0-3.src.rpm 747976 4af7e3457391d64e3fda563e3d30057e Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libvorbis-1.0-3.i586.rpm 180398 63d5bdacb8972aecf46e4b77f53001e7 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libvorbis-devel-1.0-3.i586.rpm 434918 d0f67faf4094ebbc1410f3e00d7a3518 References: CVE [CVE-2007-3106] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106 [CVE-2007-4029] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029 -------------------------------------------------------------------------- Revision History 15 Oct 2007 Initial release -------------------------------------------------------------------------- Copyright(C) 2007 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHE0lYK0LzjOqIJMwRAoNcAJ99ewhA8d/ty0dAYPOtmeniqnSt9QCfdzNN 1WdY11uR6a7wXR1iAdB7WC4= =4XN0 -----END PGP SIGNATURE-----