RHSA-2008:0235 - Security Advisory

Overview
Updated Packages

Synopsis

Important: speex security update

Type/Severity

Security Advisory: Important

Topic

Updated speex packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Speex is a patent-free compression format designed especially for speech.
The Speex package contains a library for handling Speex files and sample
encoder and decoder implementations using this library.

The Speex library was found to not properly validate input values read from
the Speex files headers. An attacker could create a malicious Speex file
that would crash an application or, possibly, allow arbitrary code
execution with the privileges of the application calling the Speex library.
(CVE-2008-1686)

All users of speex are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.1 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.1 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.1 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.6 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.6 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 441239 - CVE-2008-1686 speex, libfishsound: insufficient boundary checks

CVEs

CVE-2008-1686

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
speex-1.0.5-4.el5_1.1.src.rpm	SHA-256: 791dbd2a41358653fb47e070cd42849e82ab076f8606be3135dbc161f64b2e9c
x86_64
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: ecaf2116eaf8ed96ca3f10cbf3e66b64a3e4a21154e798c1ca053f68e164007e
speex-devel-1.0.5-4.el5_1.1.i386.rpm	SHA-256: df8fb43aa8e14bacf5cbd84a9124febd662573a7db0dc668ee21b9f2ead8a03a
speex-devel-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: 6cf821e4503c684deadf798b27f1588d2fab8fb09f8989a159c9c7de101a749f
ia64
speex-1.0.5-4.el5_1.1.ia64.rpm	SHA-256: becfb3a8e4ee5f739d152451de2f3cc72ca99e12978c8880e81e855368f58d20
speex-devel-1.0.5-4.el5_1.1.ia64.rpm	SHA-256: 5cc9ee3d4010876686a3ce640ba4f6ed84f4208ac4119e78641011ee36843cc8
i386
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-devel-1.0.5-4.el5_1.1.i386.rpm	SHA-256: df8fb43aa8e14bacf5cbd84a9124febd662573a7db0dc668ee21b9f2ead8a03a

Red Hat Enterprise Linux Server 4

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
x86_64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: 0139b8bbe1b7dd7d55e7ae9cc8c373f3d7c77e4b2ecc96ebb64cadc631a2c17a
speex-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: 0139b8bbe1b7dd7d55e7ae9cc8c373f3d7c77e4b2ecc96ebb64cadc631a2c17a
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: b080878d87c97c61e7f488b6c86af467624235f7f8f84d6b7271a4d8ab2362a0
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: b080878d87c97c61e7f488b6c86af467624235f7f8f84d6b7271a4d8ab2362a0
ia64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: fecea816bba6137ed7bca3c80da66625e03d9de11048bd16a8eaa76771dfb786
speex-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: fecea816bba6137ed7bca3c80da66625e03d9de11048bd16a8eaa76771dfb786
speex-devel-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: 3e27c64cdb8402ccab9c828a8801150a413b2851da60934c8c11c61c0a1225cd
speex-devel-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: 3e27c64cdb8402ccab9c828a8801150a413b2851da60934c8c11c61c0a1225cd
i386
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-devel-1.0.4-4.el4_6.1.i386.rpm	SHA-256: 79adb3c0db23dc17bc1eba99928090a7d86aebb36a43dfc13da488888ed9f002
speex-devel-1.0.4-4.el4_6.1.i386.rpm	SHA-256: 79adb3c0db23dc17bc1eba99928090a7d86aebb36a43dfc13da488888ed9f002

Red Hat Enterprise Linux Server - Extended Update Support 4.6

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
x86_64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: 0139b8bbe1b7dd7d55e7ae9cc8c373f3d7c77e4b2ecc96ebb64cadc631a2c17a
speex-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: 0139b8bbe1b7dd7d55e7ae9cc8c373f3d7c77e4b2ecc96ebb64cadc631a2c17a
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: b080878d87c97c61e7f488b6c86af467624235f7f8f84d6b7271a4d8ab2362a0
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: b080878d87c97c61e7f488b6c86af467624235f7f8f84d6b7271a4d8ab2362a0
ia64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: fecea816bba6137ed7bca3c80da66625e03d9de11048bd16a8eaa76771dfb786
speex-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: fecea816bba6137ed7bca3c80da66625e03d9de11048bd16a8eaa76771dfb786
speex-devel-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: 3e27c64cdb8402ccab9c828a8801150a413b2851da60934c8c11c61c0a1225cd
speex-devel-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: 3e27c64cdb8402ccab9c828a8801150a413b2851da60934c8c11c61c0a1225cd
i386
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-devel-1.0.4-4.el4_6.1.i386.rpm	SHA-256: 79adb3c0db23dc17bc1eba99928090a7d86aebb36a43dfc13da488888ed9f002
speex-devel-1.0.4-4.el4_6.1.i386.rpm	SHA-256: 79adb3c0db23dc17bc1eba99928090a7d86aebb36a43dfc13da488888ed9f002

Red Hat Enterprise Linux Workstation 5

SRPM
speex-1.0.5-4.el5_1.1.src.rpm	SHA-256: 791dbd2a41358653fb47e070cd42849e82ab076f8606be3135dbc161f64b2e9c
x86_64
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: ecaf2116eaf8ed96ca3f10cbf3e66b64a3e4a21154e798c1ca053f68e164007e
speex-devel-1.0.5-4.el5_1.1.i386.rpm	SHA-256: df8fb43aa8e14bacf5cbd84a9124febd662573a7db0dc668ee21b9f2ead8a03a
speex-devel-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: 6cf821e4503c684deadf798b27f1588d2fab8fb09f8989a159c9c7de101a749f
i386
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-devel-1.0.5-4.el5_1.1.i386.rpm	SHA-256: df8fb43aa8e14bacf5cbd84a9124febd662573a7db0dc668ee21b9f2ead8a03a

Red Hat Enterprise Linux Workstation 4

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
x86_64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: 0139b8bbe1b7dd7d55e7ae9cc8c373f3d7c77e4b2ecc96ebb64cadc631a2c17a
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: b080878d87c97c61e7f488b6c86af467624235f7f8f84d6b7271a4d8ab2362a0
ia64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: fecea816bba6137ed7bca3c80da66625e03d9de11048bd16a8eaa76771dfb786
speex-devel-1.0.4-4.el4_6.1.ia64.rpm	SHA-256: 3e27c64cdb8402ccab9c828a8801150a413b2851da60934c8c11c61c0a1225cd
i386
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-devel-1.0.4-4.el4_6.1.i386.rpm	SHA-256: 79adb3c0db23dc17bc1eba99928090a7d86aebb36a43dfc13da488888ed9f002

Red Hat Enterprise Linux Desktop 5

SRPM
speex-1.0.5-4.el5_1.1.src.rpm	SHA-256: 791dbd2a41358653fb47e070cd42849e82ab076f8606be3135dbc161f64b2e9c
x86_64
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: ecaf2116eaf8ed96ca3f10cbf3e66b64a3e4a21154e798c1ca053f68e164007e
i386
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697

Red Hat Enterprise Linux Desktop 4

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
x86_64
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: 0139b8bbe1b7dd7d55e7ae9cc8c373f3d7c77e4b2ecc96ebb64cadc631a2c17a
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm	SHA-256: b080878d87c97c61e7f488b6c86af467624235f7f8f84d6b7271a4d8ab2362a0
i386
speex-1.0.4-4.el4_6.1.i386.rpm	SHA-256: df67667907da42f13fb9069082e5e6b0fc92f3361ce7cc9a5d45d33bc6961c53
speex-devel-1.0.4-4.el4_6.1.i386.rpm	SHA-256: 79adb3c0db23dc17bc1eba99928090a7d86aebb36a43dfc13da488888ed9f002

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
speex-1.0.5-4.el5_1.1.src.rpm	SHA-256: 791dbd2a41358653fb47e070cd42849e82ab076f8606be3135dbc161f64b2e9c
s390x
speex-1.0.5-4.el5_1.1.s390.rpm	SHA-256: 6f33004db88d546991745582f05d54ea47d1d71ea36bfa25c77a5c79834e57e5
speex-1.0.5-4.el5_1.1.s390x.rpm	SHA-256: f3b645ac89bcfb62aa6d80b1e690016b1c931ee88406813e1c7f48d99b483b21
speex-devel-1.0.5-4.el5_1.1.s390.rpm	SHA-256: 848acfa20fc4b550c690c15af322fb028db8cde5f05be32eb34337e40d79cc87
speex-devel-1.0.5-4.el5_1.1.s390x.rpm	SHA-256: f3c555563488bc1fe82801e28b16d3086a72fa51e7fb7b553e64f08ddae9273b

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
s390x
speex-1.0.4-4.el4_6.1.s390.rpm	SHA-256: 56c1582a3563346ba78aff96e0c04d0acbfaf0ff00b7f5f74150592e516ffb8e
speex-1.0.4-4.el4_6.1.s390x.rpm	SHA-256: 56e9ccb3ca980c0cc29e4515aaeb42c651c256027af4f8b95a3e9e37f9d380a6
speex-devel-1.0.4-4.el4_6.1.s390x.rpm	SHA-256: 2796762a9dd30e9a956d25212bdb920214206075c2d9a80242e4f10dc14a05dd
s390
speex-1.0.4-4.el4_6.1.s390.rpm	SHA-256: 56c1582a3563346ba78aff96e0c04d0acbfaf0ff00b7f5f74150592e516ffb8e
speex-devel-1.0.4-4.el4_6.1.s390.rpm	SHA-256: 2bb17b7e5fc86996c740c36374ba45442bdcd7e75559961d1d2a8efb0cd70b23

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
s390x
speex-1.0.4-4.el4_6.1.s390.rpm	SHA-256: 56c1582a3563346ba78aff96e0c04d0acbfaf0ff00b7f5f74150592e516ffb8e
speex-1.0.4-4.el4_6.1.s390x.rpm	SHA-256: 56e9ccb3ca980c0cc29e4515aaeb42c651c256027af4f8b95a3e9e37f9d380a6
speex-devel-1.0.4-4.el4_6.1.s390x.rpm	SHA-256: 2796762a9dd30e9a956d25212bdb920214206075c2d9a80242e4f10dc14a05dd
s390
speex-1.0.4-4.el4_6.1.s390.rpm	SHA-256: 56c1582a3563346ba78aff96e0c04d0acbfaf0ff00b7f5f74150592e516ffb8e
speex-devel-1.0.4-4.el4_6.1.s390.rpm	SHA-256: 2bb17b7e5fc86996c740c36374ba45442bdcd7e75559961d1d2a8efb0cd70b23

Red Hat Enterprise Linux for Power, big endian 5

SRPM
speex-1.0.5-4.el5_1.1.src.rpm	SHA-256: 791dbd2a41358653fb47e070cd42849e82ab076f8606be3135dbc161f64b2e9c
ppc
speex-1.0.5-4.el5_1.1.ppc.rpm	SHA-256: 4a742b7ace329ff59c63a971d758ee11a550130f7ff5eb90a63d22c3b197968a
speex-1.0.5-4.el5_1.1.ppc64.rpm	SHA-256: bafc9862767f976ff199f3331875fcd87945cd7dd05072cb1f54c6a64011e606
speex-devel-1.0.5-4.el5_1.1.ppc.rpm	SHA-256: 8581372950034f0b78b14f8cfa187ac63552e70026aa31757bdb9dbecc0f047b
speex-devel-1.0.5-4.el5_1.1.ppc64.rpm	SHA-256: f5d6dbc524d6f6c8b4cb8ea0e9307fb77d531ee35b80404707c21ebcbd1e6eb8

Red Hat Enterprise Linux for Power, big endian 4

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
ppc
speex-1.0.4-4.el4_6.1.ppc.rpm	SHA-256: c636f966a0f9e2b9c7db919186b920d88b38f8e7ea3e9ff7f4db531d202d2146
speex-1.0.4-4.el4_6.1.ppc64.rpm	SHA-256: 44ba2365574f411864310ee66084ee3e429169d6c0fd1acfea61957db0e4698e
speex-devel-1.0.4-4.el4_6.1.ppc.rpm	SHA-256: 7be92fcf64a10aae2c990f4032fccf16f6761e3c0505f269eb14b9ffa5d1a04d

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
speex-1.0.4-4.el4_6.1.src.rpm	SHA-256: d27cba557ee2273098e5ed99b9ce17636e6bdcde85fe82ccbcb1f8f79932238b
ppc
speex-1.0.4-4.el4_6.1.ppc.rpm	SHA-256: c636f966a0f9e2b9c7db919186b920d88b38f8e7ea3e9ff7f4db531d202d2146
speex-1.0.4-4.el4_6.1.ppc64.rpm	SHA-256: 44ba2365574f411864310ee66084ee3e429169d6c0fd1acfea61957db0e4698e
speex-devel-1.0.4-4.el4_6.1.ppc.rpm	SHA-256: 7be92fcf64a10aae2c990f4032fccf16f6761e3c0505f269eb14b9ffa5d1a04d

Red Hat Enterprise Linux Server from RHUI 5

SRPM
speex-1.0.5-4.el5_1.1.src.rpm	SHA-256: 791dbd2a41358653fb47e070cd42849e82ab076f8606be3135dbc161f64b2e9c
x86_64
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: ecaf2116eaf8ed96ca3f10cbf3e66b64a3e4a21154e798c1ca053f68e164007e
speex-devel-1.0.5-4.el5_1.1.i386.rpm	SHA-256: df8fb43aa8e14bacf5cbd84a9124febd662573a7db0dc668ee21b9f2ead8a03a
speex-devel-1.0.5-4.el5_1.1.x86_64.rpm	SHA-256: 6cf821e4503c684deadf798b27f1588d2fab8fb09f8989a159c9c7de101a749f
i386
speex-1.0.5-4.el5_1.1.i386.rpm	SHA-256: 3e9041c02322a8424899b7a3082d08c9b3876e133d05c575a23f4d49f53c8697
speex-devel-1.0.5-4.el5_1.1.i386.rpm	SHA-256: df8fb43aa8e14bacf5cbd84a9124febd662573a7db0dc668ee21b9f2ead8a03a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.