libvorbis-devel-1.3.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10024-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libvorbis-devel-1.3.5-2.1 on GA media These are all security issues fixed in the libvorbis-devel-1.3.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10024 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2008-1420/ SUSE CVE CVE-2008-1420 page https://www.suse.com/security/cve/CVE-2009-3379/ SUSE CVE CVE-2009-3379 page https://www.suse.com/security/cve/CVE-2012-0444/ SUSE CVE CVE-2012-0444 page openSUSE Tumbleweed libvorbis-devel-1.3.5-2.1 libvorbis-devel-32bit-1.3.5-2.1 libvorbis-doc-1.3.5-2.1 libvorbis0-1.3.5-2.1 libvorbis0-32bit-1.3.5-2.1 libvorbisenc2-1.3.5-2.1 libvorbisenc2-32bit-1.3.5-2.1 libvorbisfile3-1.3.5-2.1 libvorbisfile3-32bit-1.3.5-2.1 libvorbis-devel-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbis-devel-32bit-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbis-doc-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbis0-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbis0-32bit-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbisenc2-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbisenc2-32bit-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbisfile3-1.3.5-2.1 as a component of openSUSE Tumbleweed libvorbisfile3-32bit-1.3.5-2.1 as a component of openSUSE Tumbleweed Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. CVE-2008-1420 openSUSE Tumbleweed:libvorbis-devel-1.3.5-2.1 openSUSE Tumbleweed:libvorbis-devel-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbis-doc-1.3.5-2.1 openSUSE Tumbleweed:libvorbis0-1.3.5-2.1 openSUSE Tumbleweed:libvorbis0-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbisenc2-1.3.5-2.1 openSUSE Tumbleweed:libvorbisenc2-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbisfile3-1.3.5-2.1 openSUSE Tumbleweed:libvorbisfile3-32bit-1.3.5-2.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-1420.html CVE-2008-1420 https://bugzilla.suse.com/372246 SUSE Bug 372246 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. CVE-2009-3379 openSUSE Tumbleweed:libvorbis-devel-1.3.5-2.1 openSUSE Tumbleweed:libvorbis-devel-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbis-doc-1.3.5-2.1 openSUSE Tumbleweed:libvorbis0-1.3.5-2.1 openSUSE Tumbleweed:libvorbis0-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbisenc2-1.3.5-2.1 openSUSE Tumbleweed:libvorbisenc2-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbisfile3-1.3.5-2.1 openSUSE Tumbleweed:libvorbisfile3-32bit-1.3.5-2.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3379.html CVE-2009-3379 https://bugzilla.suse.com/522109 SUSE Bug 522109 https://bugzilla.suse.com/545277 SUSE Bug 545277 https://bugzilla.suse.com/608192 SUSE Bug 608192 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. CVE-2012-0444 openSUSE Tumbleweed:libvorbis-devel-1.3.5-2.1 openSUSE Tumbleweed:libvorbis-devel-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbis-doc-1.3.5-2.1 openSUSE Tumbleweed:libvorbis0-1.3.5-2.1 openSUSE Tumbleweed:libvorbis0-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbisenc2-1.3.5-2.1 openSUSE Tumbleweed:libvorbisenc2-32bit-1.3.5-2.1 openSUSE Tumbleweed:libvorbisfile3-1.3.5-2.1 openSUSE Tumbleweed:libvorbisfile3-32bit-1.3.5-2.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0444.html CVE-2012-0444 https://bugzilla.suse.com/744275 SUSE Bug 744275 https://bugzilla.suse.com/747912 SUSE Bug 747912