绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

libvorbis多个缓冲区溢出漏洞

发布日期：2008-05-12
更新日期：2008-05-16

受影响系统：

Xiph.org Libvorbis 1.2

描述：

BUGTRAQ  ID: 29206
CVE(CAN) ID: CVE-2008-1419,CVE-2008-1420,CVE-2008-1423

libvorbis是开源的音频音乐编码解码函数库。

libvorbis在处理畸形格式的OGG文件时存在漏洞，远程攻击者可能利用此漏洞控制用户系统。

如果特制的OGG文件包含有codebook维度为0的话，打开该文件就会导致使用libvorbis库的应用程序崩溃、出现死循环或堆溢出。

如果使用libvorbis库的应用程序打开了特制的OGG文件的话，在处理residue分区值和计算quantvals及quantlist所需空间时可能会出现整数溢出，最终会导致堆溢出。

<*来源：Will Drewry （wad@google.com）

  链接：http://secunia.com/advisories/26232/
        https://www.redhat.com/support/errata/RHSA-2008-0271.html
        https://www.redhat.com/support/errata/RHSA-2008-0270.html
        http://www.debian.org/security/2008/dsa-1591
        http://security.gentoo.org/glsa/glsa-200806-09.xml
*>

建议：

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-1591-1）以及相应补丁:
DSA-1591-1：New libvorbis packages fix several vulnerabilities
链接：http://www.debian.org/security/2008/dsa-1591

补丁下载：
Source archives:

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4.dsc
Size/MD5 checksum:      787 2f0bfd28fb368c43c56332e7de7a2e3d
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
Size/MD5 checksum:  1312540 44cf09fef7f78e7c6ba7dd63b6137412
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4.diff.gz
Size/MD5 checksum:    15782 62527e6adcff1dca42018a0252b19b91

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum:    94500 edb2728b48cd6fc0357f62a7dc8fca5c
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum:   110468 8273babee8a08c373671b468469b2ede
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum:    19202 925dfba3f212e8b69c760c433b119716
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_alpha.deb
Size/MD5 checksum:   494958 0052fe78f4be43cb9a7f42ea2b25f7fe

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum:    17790 f49da89a8b972614687f3a5e2f6c5bac
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum:    93498 241499415b96f3e348d1ec9c66a45981
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum:   101508 63e1e8392876a822dc664e21b19e0185
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_amd64.deb
Size/MD5 checksum:   468670 8c6c80eb7b8e7f8b49be1447357ebce1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum:    75744 03dad28341cde24fbbfd20444bf346c2
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum:    18528 508cb939f65a367447c44add9dd8c11a
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum:    98190 a09c2d3021f7b9d2d9b2bf04b2d30957
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_arm.deb
Size/MD5 checksum:   458578 6dcadbb28c56a0a9368bfcd67b28d3fa

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum:   483196 0435784553fb2b9c08c915da58c3c7e1
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum:    21978 6ade3e3b040f8e01c4fe023df6faf2de
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum:   108084 7d263ee14d29b787b0f32710ae2bffdf
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_hppa.deb
Size/MD5 checksum:    92430 72180513d203103e56e4929ca6da035f

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum:   453652 55bc31f817b6806d19d8f0696cc288cd
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum:    18884 5d4f1bccf5efa0d5ba5767b49f97d253
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum:    75346 f11509bd2b430f8be62706a13748d6bc
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_i386.deb
Size/MD5 checksum:    98176 d5b46716c8ab083b9c00b523a73a81b9

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum:    98022 dabf436427e867a81074bdca0c53ef6e
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum:   510180 1c4e1c58e7d63f10ff7efaf3a6555f46
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum:    24700 8dadf685db0738f52c4b47420eff588a
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_ia64.deb
Size/MD5 checksum:   136046 b5d657cad9154915f0a9c0779e68cf1c

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum:   104986 3d6d14fff3621ed344e88e7bb57ae627
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum:    81588 e776156e4d5647f0aa591ea8b01d3aad
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum:    20946 5f5eca06d6b715087a4298d2db944fcf
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_mips.deb
Size/MD5 checksum:   479286 4a9404dab651fd387901d6eb223bd835

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum:    76982 63638be1a06154fa1126e5be3a4ac95e
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum:   469086 9c31f061ab04690bf52876821a9383ea
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum:    20944 5f59636c00cbe76590ac1ef23235cd8d
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_mipsel.deb
Size/MD5 checksum:   104948 be1bf5fd730d239f5cd62a92cd4b75e4

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum:   105760 ba397af813b092de9bea72accb46db4b
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum:    21394 7e12a198ce7bed6922d20da108e5bad5
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum:    82558 1299949b45c3a6fdba4fa64fcf48dc53
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_powerpc.deb
Size/MD5 checksum:   475206 7cda1ebdffc9b47d90efa594bea5d5b8

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum:   452736 403af241544bf4fd66f4993003f0f192
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum:    90546 f2f4a9e7410b946b91c4d44cef18f5af
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum:   102548 ad43cb11ddff398ee0a83ded1a024321
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_s390.deb
Size/MD5 checksum:    20920 7ffdc1f9962394073efae81356780428

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum:    98252 fad4afe3566e986fe819a0fff6a2376e
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum:   453410 ce3775bb59d55b9ba7e34469225e0d20
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum:    17888 4eaf8a0cfd4f3b1c6f8332ccf1bf6ef4
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_sparc.deb
Size/MD5 checksum:    79796 57795226ac31a7b5bf7793e4e14dc89a

补丁安装方法：

1. 手工安装补丁包：

  首先，使用下面的命令来下载补丁软件：
  # wget url  (url是补丁下载链接地址)

  然后，使用下面的命令来安装补丁：
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包：

   首先，使用下面的命令更新内部数据库：
   # apt-get update

   然后，使用下面的命令安装更新软件包：
   # apt-get upgrade

RedHat
------
RedHat已经为此发布了一个安全公告（RHSA-2008:0270-01）以及相应补丁:
RHSA-2008:0270-01：Important: libvorbis security update
链接：https://www.redhat.com/support/errata/RHSA-2008-0270.html

Gentoo
------
Gentoo已经为此发布了一个安全公告（GLSA-200806-09）以及相应补丁:
GLSA-200806-09：libvorbis: Multiple vulnerabilities
链接：http://security.gentoo.org/glsa/glsa-200806-09.xml

所有libvorbis用户都应升级到最新版本：

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/libvorbis-1.2.1_rc1"

Xiph.org
--------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

https://trac.xiph.org/changeset/14602
https://trac.xiph.org/changeset/14598
https://trac.xiph.org/changeset/14600
https://trac.xiph.org/changeset/14604

浏览次数：3306
严重程度：0（网友投票）

本安全漏洞由绿盟科技翻译整理，版权所有，未经许可，不得转载
绿盟科技给您安全的保障

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客