Mandriva Linux Security Advisory : vorbis-tools (MDVSA-2008:093)
High Nessus Plugin ID 37218
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
The ogg123 application in vorbis-tools is similarly affected by this issue.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected vorbis-tools package.