Synopsis: Important: speex security update
Issue date: 2008-04-16
CVE Names: CVE-2008-1686
The Speex library was found to not properly validate input values read from
the Speex files headers. An attacker could create a malicious Speex file
that would crash an application or, possibly, allow arbitrary code
execution with the privileges of the application calling the Speex library.
(CVE-2008-1686)
SL 4.x
SRPMS:
speex-1.0.4-4.el4_6.1.src.rpm
i386:
speex-1.0.4-4.el4_6.1.i386.rpm
speex-devel-1.0.4-4.el4_6.1.i386.rpm
x86_64:
speex-1.0.4-4.el4_6.1.i386.rpm
speex-1.0.4-4.el4_6.1.x86_64.rpm
speex-devel-1.0.4-4.el4_6.1.x86_64.rpm
SL 5.x
SRPMS:
speex-1.0.5-4.el5_1.1.src.rpm
i386:
speex-1.0.5-4.el5_1.1.i386.rpm
speex-devel-1.0.5-4.el5_1.1.i386.rpm
x86_64:
speex-1.0.5-4.el5_1.1.i386.rpm
speex-1.0.5-4.el5_1.1.x86_64.rpm
speex-devel-1.0.5-4.el5_1.1.i386.rpm
speex-devel-1.0.5-4.el5_1.1.x86_64.rpm
-Connie Sieh
-Troy Dawson