Date: Thu, 21 Apr 2005 01:07:24 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           libcdaudio1
 Advisory ID:            MDKSA-2005:075
 Date:                   April 20th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow bug was found by Joseph VanAndel in the way that grip
 handles data returned by CDDB servers.  If a user connected to a
 malicious CDDB server, an attacker could execute arbitrary code on the
 user's machine.  This same vulnerability is present in the libcdaudio1
 code.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 6b6b43013c8594c16da0cf2a9ec2f2fd  10.1/RPMS/libcdaudio1-0.99.10-1.1.101mdk.i586.rpm
 229ee3bc3f3ebfb85a482380d32a63c7  10.1/RPMS/libcdaudio1-devel-0.99.10-1.1.101mdk.i586.rpm
 b4986769b509c34bbf80a465cd628261  10.1/SRPMS/libcdaudio1-0.99.10-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 e7cb79b96945b05b6d65f7dc1f0823aa  x86_64/10.1/RPMS/lib64cdaudio1-0.99.10-1.1.101mdk.x86_64.rpm
 434e689a7ced3a5592f1c519e6f3e3ad  x86_64/10.1/RPMS/lib64cdaudio1-devel-0.99.10-1.1.101mdk.x86_64.rpm
 b4986769b509c34bbf80a465cd628261  x86_64/10.1/SRPMS/libcdaudio1-0.99.10-1.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 ee21e09a1917573c3af0cd27dd5a4dbd  10.2/RPMS/libcdaudio1-0.99.10-2.1.102mdk.i586.rpm
 f045fee3533042555b6f59a813f345de  10.2/RPMS/libcdaudio1-devel-0.99.10-2.1.102mdk.i586.rpm
 b7d2b5021a3d5a86a65f46590107461c  10.2/SRPMS/libcdaudio1-0.99.10-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 febb2d2983baf1fd010c366ea6d9eba8  x86_64/10.2/RPMS/lib64cdaudio1-0.99.10-2.1.102mdk.x86_64.rpm
 b6fa99c0e8ad0352200b8294215193ef  x86_64/10.2/RPMS/lib64cdaudio1-devel-0.99.10-2.1.102mdk.x86_64.rpm
 b7d2b5021a3d5a86a65f46590107461c  x86_64/10.2/SRPMS/libcdaudio1-0.99.10-2.1.102mdk.src.rpm

 Corporate 3.0:
 49fa757ff390c91bbe7a4e0b7a680896  corporate/3.0/RPMS/libcdaudio1-0.99.9-1.1.C30mdk.i586.rpm
 fd66c86e5c78d3f62972ade197ee853f  corporate/3.0/RPMS/libcdaudio1-devel-0.99.9-1.1.C30mdk.i586.rpm
 cbfab4f961b261dfed335d754e2d29d3  corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f0898885e18312e1b7fb7db408543a76  x86_64/corporate/3.0/RPMS/libcdaudio1-0.99.9-1.1.C30mdk.x86_64.rpm
 211e09953905bb39582e80f73f26863e  x86_64/corporate/3.0/RPMS/libcdaudio1-devel-0.99.9-1.1.C30mdk.x86_64.rpm
 cbfab4f961b261dfed335d754e2d29d3  x86_64/corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCZ1EsmqjQ0CJFipgRAmiUAKCQUmIC86E2fwyCm8rWr1EmRZOiFQCfdPuM
HFP8umjYjQ2IDmP01fsD48E=
=cDPi
-----END PGP SIGNATURE-----

