In Second Life we have a minor crisis today. There is an exploit that someone figured out. They are griefing the grid with it now. It is unclear how long this exploit has been around. You need to take action now.
Red Hat Security Advisory is out. See: https://rhn.redhat.com/errata/RHSA-2009-1561.html This is an old issue as it was first found 2009. I suppose it just recently came to the Linden’s attention when someone figured out how to implement the exploit in SL.
If you are not a Linux user, you may not know that Red Hat is a flavor of Linux. They broke the news on the exploit.
The problem is in a part of the viewer code library libvorbis. It has runtime libraries for programs that support Ogg Vorbis. A type of sound file compression that SL uses. Presumably Windows users are the primary risk. But, the exploit door is in a library that Windows, Mac, and Linux use.
Multiple flaws were found in the libvorbis library. A specially-crafted Ogg Vorbis media format file (Ogg) could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)
Viewer Developers were alerted by Linden Lab and asked to recompile their copies of the library to close the exploit.
We have also seen an upset in the usual roll out schedule as server side code was shuffled do to high crash rates. Whether this crashing was just a recent fix gone wrong or included any aspect of this exploit is unknown.
I am assuming new SL Viewers have the new library compile. I suppose anything made in the last week.
The KirstenLee S21(7a) has the fixed library. If you downloaded S21(7), get a new download.
I am uncertain if one can turn off sounds in the viewer and be safe. I suppose it is worth a try.
If you are using a viewer dated before today, you are probably at risk. Check with your viewer’s developer.
Some are rating this risk factor of 9 on a scale of 1 to 10 with 10 being a super nova. However, you should not be drowning in a river of bad ogg files. The problem is you can’t know when someone around you will release one.