Synopsis

Important: libvorbis security update

Type/Severity

Security Advisory: Important

Topic

An update for libvorbis is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.

Security Fix(es):

• Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

• BZ - 1557221 - CVE-2018-5146 Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08)

CVEs

• CVE-2018-5146

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server 6

SRPM
libvorbis-1.2.3-5.el6_9.1.src.rpm	SHA-256: 14860653d2d0fff63576ed04fbec64fc93ec5db60ddfca3a473a76b8bd3fe259
x86_64
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: e25e86d77945c060be7a3f10e02481b0b88bbe2cc76f09379b1b52b208c4fbda
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 7955f0b41ef643344a41f56d0cb6e9bd9406ea408dad0fcd8a71a3d604008502
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240
i386
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240

Red Hat Enterprise Linux Workstation 6

SRPM
libvorbis-1.2.3-5.el6_9.1.src.rpm	SHA-256: 14860653d2d0fff63576ed04fbec64fc93ec5db60ddfca3a473a76b8bd3fe259
x86_64
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: e25e86d77945c060be7a3f10e02481b0b88bbe2cc76f09379b1b52b208c4fbda
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 7955f0b41ef643344a41f56d0cb6e9bd9406ea408dad0fcd8a71a3d604008502
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240
i386
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240

Red Hat Enterprise Linux Desktop 6

SRPM
libvorbis-1.2.3-5.el6_9.1.src.rpm	SHA-256: 14860653d2d0fff63576ed04fbec64fc93ec5db60ddfca3a473a76b8bd3fe259
x86_64
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: e25e86d77945c060be7a3f10e02481b0b88bbe2cc76f09379b1b52b208c4fbda
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 7955f0b41ef643344a41f56d0cb6e9bd9406ea408dad0fcd8a71a3d604008502
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240
i386
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
libvorbis-1.2.3-5.el6_9.1.src.rpm	SHA-256: 14860653d2d0fff63576ed04fbec64fc93ec5db60ddfca3a473a76b8bd3fe259
s390x
libvorbis-1.2.3-5.el6_9.1.s390.rpm	SHA-256: 99eb3bf60633a7fb65885c8ba635513e5571e199b5b4edbe2427b61dec0ed5f8
libvorbis-1.2.3-5.el6_9.1.s390x.rpm	SHA-256: c99d80880fb5c4d7bb7b3aa13e7f7d1d9b920dbb082d592ffba8887e42bfbcd9
libvorbis-debuginfo-1.2.3-5.el6_9.1.s390.rpm	SHA-256: 51095b441cab8abd80897ec3f237d5a41510cbf1986689621f745c96f6a5461a
libvorbis-debuginfo-1.2.3-5.el6_9.1.s390.rpm	SHA-256: 51095b441cab8abd80897ec3f237d5a41510cbf1986689621f745c96f6a5461a
libvorbis-debuginfo-1.2.3-5.el6_9.1.s390x.rpm	SHA-256: 0bee1187ade15be74d5e72f3b6ce4e9dabebc8595ef988a00c5f8b0ba59fa119
libvorbis-debuginfo-1.2.3-5.el6_9.1.s390x.rpm	SHA-256: 0bee1187ade15be74d5e72f3b6ce4e9dabebc8595ef988a00c5f8b0ba59fa119
libvorbis-devel-1.2.3-5.el6_9.1.s390.rpm	SHA-256: 94c64a98dfe7a322e1ab3364483bc1b12dd078c6c8e54e1b99e076891c1e68df
libvorbis-devel-1.2.3-5.el6_9.1.s390x.rpm	SHA-256: be9558050f1163ef379a8b8a06c6a3fbc8ffc8d421ce78ccb3b480e57bcd0c44
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240

Red Hat Enterprise Linux for Power, big endian 6

SRPM
libvorbis-1.2.3-5.el6_9.1.src.rpm	SHA-256: 14860653d2d0fff63576ed04fbec64fc93ec5db60ddfca3a473a76b8bd3fe259
ppc64
libvorbis-1.2.3-5.el6_9.1.ppc.rpm	SHA-256: 14a72fa93cef6f9fcc0efcdf9c05d21288ee83a8b000d797a39e322cd2644367
libvorbis-1.2.3-5.el6_9.1.ppc64.rpm	SHA-256: 017bebd86d00ba766fcadfc1378297dc0825044e8fe60072d5eb9bbedad96fbc
libvorbis-debuginfo-1.2.3-5.el6_9.1.ppc.rpm	SHA-256: 7c2606d79c77dd45e6f5e40ccdc87479433999ffc3e6650e3d5f191c0f043e1b
libvorbis-debuginfo-1.2.3-5.el6_9.1.ppc.rpm	SHA-256: 7c2606d79c77dd45e6f5e40ccdc87479433999ffc3e6650e3d5f191c0f043e1b
libvorbis-debuginfo-1.2.3-5.el6_9.1.ppc64.rpm	SHA-256: 5acc063155fa1eafaa2af2a07a7817e055ef95e8d2ba25f492a684491289182d
libvorbis-debuginfo-1.2.3-5.el6_9.1.ppc64.rpm	SHA-256: 5acc063155fa1eafaa2af2a07a7817e055ef95e8d2ba25f492a684491289182d
libvorbis-devel-1.2.3-5.el6_9.1.ppc.rpm	SHA-256: 113bf4001856f7fa4a33cd7aae87884b726954b8675b572956032e87463305f9
libvorbis-devel-1.2.3-5.el6_9.1.ppc64.rpm	SHA-256: 21d57dbe0702b7878bb89b785fc2a4bbb94d126e62c4afd4c33bd6ad5f9d6d13
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
libvorbis-1.2.3-5.el6_9.1.src.rpm	SHA-256: 14860653d2d0fff63576ed04fbec64fc93ec5db60ddfca3a473a76b8bd3fe259
x86_64
libvorbis-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 9d231a6a9f5f37ea35a6e4f9f6f38e9fc36c7b0111b5f21fa45a8606bf2de450
libvorbis-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: e25e86d77945c060be7a3f10e02481b0b88bbe2cc76f09379b1b52b208c4fbda
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 255d7201e46126091e309be1cab7723b3a13c0c4c744dc810e49b6d8d9cd46a6
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-debuginfo-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 403d9711b4f662989fecac3de8b97f748e133d3380c8026cb61c1b335af6ddcf
libvorbis-devel-1.2.3-5.el6_9.1.i686.rpm	SHA-256: 65d048c56ba512bf58c1295bcb627928994d5097e9d7448237bcb3f653e661f8
libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpm	SHA-256: 7955f0b41ef643344a41f56d0cb6e9bd9406ea408dad0fcd8a71a3d604008502
libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpm	SHA-256: c134957a545104a71facbcf4b7d02584e0184b0083f3b74288152a3d775b3240