
Security: Buffer overflow in libcdaudio1
Name: Buffer overflow in libcdaudio1
ID: MDKSA-2005:075
Distribution: Mandriva
Platforms: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2
Date: Fri, 22 April 2005, 13:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0706
Applications: libcdaudio

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: libcdaudio1
Advisory ID: MDKSA-2005:075
Date: April 20th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A buffer overflow bug was found by Joseph VanAndel in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine. This same vulnerability is present in the libcdaudio1
code.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
6b6b43013c8594c16da0cf2a9ec2f2fd
10.1/RPMS/libcdaudio1-0.99.10-1.1.101mdk.i586.rpm
229ee3bc3f3ebfb85a482380d32a63c7
10.1/RPMS/libcdaudio1-devel-0.99.10-1.1.101mdk.i586.rpm
b4986769b509c34bbf80a465cd628261
10.1/SRPMS/libcdaudio1-0.99.10-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
e7cb79b96945b05b6d65f7dc1f0823aa
x86_64/10.1/RPMS/lib64cdaudio1-0.99.10-1.1.101mdk.x86_64.rpm
434e689a7ced3a5592f1c519e6f3e3ad
x86_64/10.1/RPMS/lib64cdaudio1-devel-0.99.10-1.1.101mdk.x86_64.rpm
b4986769b509c34bbf80a465cd628261
x86_64/10.1/SRPMS/libcdaudio1-0.99.10-1.1.101mdk.src.rpm

Mandrakelinux 10.2:
ee21e09a1917573c3af0cd27dd5a4dbd
10.2/RPMS/libcdaudio1-0.99.10-2.1.102mdk.i586.rpm
f045fee3533042555b6f59a813f345de
10.2/RPMS/libcdaudio1-devel-0.99.10-2.1.102mdk.i586.rpm
b7d2b5021a3d5a86a65f46590107461c
10.2/SRPMS/libcdaudio1-0.99.10-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
febb2d2983baf1fd010c366ea6d9eba8
x86_64/10.2/RPMS/lib64cdaudio1-0.99.10-2.1.102mdk.x86_64.rpm
b6fa99c0e8ad0352200b8294215193ef
x86_64/10.2/RPMS/lib64cdaudio1-devel-0.99.10-2.1.102mdk.x86_64.rpm
b7d2b5021a3d5a86a65f46590107461c
x86_64/10.2/SRPMS/libcdaudio1-0.99.10-2.1.102mdk.src.rpm

Corporate 3.0:
49fa757ff390c91bbe7a4e0b7a680896
corporate/3.0/RPMS/libcdaudio1-0.99.9-1.1.C30mdk.i586.rpm
fd66c86e5c78d3f62972ade197ee853f
corporate/3.0/RPMS/libcdaudio1-devel-0.99.9-1.1.C30mdk.i586.rpm
cbfab4f961b261dfed335d754e2d29d3
corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
f0898885e18312e1b7fb7db408543a76
x86_64/corporate/3.0/RPMS/libcdaudio1-0.99.9-1.1.C30mdk.x86_64.rpm
211e09953905bb39582e80f73f26863e
x86_64/corporate/3.0/RPMS/libcdaudio1-devel-0.99.9-1.1.C30mdk.x86_64.rpm
cbfab4f961b261dfed335d754e2d29d3
x86_64/corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCZ1EsmqjQ0CJFipgRAmiUAKCQUmIC86E2fwyCm8rWr1EmRZOiFQCfdPuM
HFP8umjYjQ2IDmP01fsD48E=
=cDPi
-----END PGP SIGNATURE-----
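
The "Updated Packages" list in the advisory puts each MD5 digest on one line and the package path on the next, grouped under a platform header. As an added example (not part of the advisory or of Mandriva's tooling), the Python code below parses that layout and checks already-downloaded files against it; the function names and the demo package names are assumptions, and the demo digests are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX32 = re.compile(r"^[0-9a-f]{32}$")

def parse_updated_packages(text):
    """Return {package file name: (platform, md5)} from the advisory's list."""
    entries, platform, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"_"}:
            continue                      # blank line or ruler
        if HEX32.match(line):
            pending = line                # digest line; its path follows
        elif pending is not None:
            name = line.rsplit("/", 1)[-1]
            # One SRPM is listed under several platforms; digests must agree.
            if name in entries and entries[name][1] != pending:
                raise ValueError(f"conflicting digests for {name}")
            entries.setdefault(name, (platform, pending))
            pending = None
        elif line.endswith(":"):
            platform = line[:-1]          # e.g. "Mandrakelinux 10.1"
    if pending is not None:
        raise ValueError("digest without a package path")
    return entries

def verify(directory, entries):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    def check(f, md5):
        if not f.is_file():
            return "missing"
        return "ok" if hashlib.md5(f.read_bytes()).hexdigest() == md5 else "MISMATCH"
    return {n: check(Path(directory) / n, md5) for n, (_, md5) in entries.items()}

def demo():
    """Constructed data: one intact file, one altered, one not downloaded."""
    a, b = b"constructed package A", b"constructed package B"
    listing = ("Demo 1.0:\n"
               f"{hashlib.md5(a).hexdigest()}\n1.0/RPMS/libdemo1-1.0.i586.rpm\n"
               f"{hashlib.md5(b).hexdigest()}\n1.0/RPMS/libdemo1-devel-1.0.i586.rpm\n"
               f"{hashlib.md5(a).hexdigest()}\n1.0/SRPMS/libdemo1-1.0.src.rpm\n")
    with tempfile.TemporaryDirectory() as d:
        Path(d, "libdemo1-1.0.i586.rpm").write_bytes(a)
        Path(d, "libdemo1-devel-1.0.i586.rpm").write_bytes(b + b"!")
        return verify(d, parse_updated_packages(listing))
```

An MD5 match only shows that a file equals the one listed; the GPG signature check the advisory mentions is what ties the package to the Mandriva key.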

