Bug 249780 (CVE-2007-4029, CVE-2007-4065, CVE-2007-4066)
Summary: | CVE-2007-4065 Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | unspecified | CC: | kreilly |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2008-01-17 15:47:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 250612, 250613, 250614, 250615, 250616, 250617, 250618, 250619, 251668 | | |
Bug Blocks: | | | |

Description
Josh Bressers
2007-07-26 23:23:55 UTC
Here is the breakdown of CVE id to libvorbis commit id mapping:

CVE-2007-4065:
13217 (infinite loop)

CVE-2007-4029 covers 2 issues with unknown commit IDs.
According to Monty these two issues are the commit ids:
13151, 13154, 13155, 13167
and
13149, 13153, 13179

CVE-2007-4066: multiple flaws
13215: multiplexed/non Vorbis stream support [heap read, potential heap write]
13211: better return value checking of seeks [heap read, potential heap write]
13169, 13170, 13172: correctly handle codebooks with zero entries [heap read/write]
13168: low bitrate static mode declaration error [static read, heap read, potential heap write]
13162: static initializer declarations, check-before-free error fixes [heap read/write]

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0845.html
http://rhn.redhat.com/errata/RHSA-2007-0912.html

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1765