Rapid7 Vulnerability & Exploit Database

RHSA-2009:1561: libvorbis security update

Back to Search

RHSA-2009:1561: libvorbis security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
10/29/2009
Created
07/25/2018
Added
11/12/2009
Modified
07/04/2017

Description

The libvorbis packages contain runtime libraries for use in programs thatsupport Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-androyalty-free, general-purpose compressed audio format.Multiple flaws were found in the libvorbis library. A specially-crafted OggVorbis media format file (Ogg) could cause an application using libvorbisto crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)Users of libvorbis should upgrade to these updated packages, which containbackported patches to correct these issues. The desktop must be restarted(log out, then log back in) for this update to take effect.

Solution(s)

  • redhat-upgrade-libvorbis
  • redhat-upgrade-libvorbis-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;