lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 25 Apr 2005 22:14:11 -0400
From: Peachtree Linux Security Team <security@...chtree.burdell.org>
To: peachlnx-security@...ts.sourceforge.net,
	bugtraq@...urityfocus.com
Subject: [PLSN-0007] new libcdaudio package available

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0007
April 22, 2005

Remote DoS and possible code execution in libcdaudio
CAN-2005-0706
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtree Linux release 1 ("Atlanta")

Description:

   CAN-2005-0706:  Buffer overflow in CDDB result handling allows
   attackers to cause a denial of service (crash) and possible execute
   arbitrary code by causing the cddb lookup to return more matches than
   expected.

   (NOTE: This vulnerability was originally found to affect grip.  We do
   not ship grip, but Mandriva found that the vulnerability affected
   libcdaudio and gnome-vfs.)

Packages:

   alpha
      7087c543031ed7c2799b047b4d8b2c24  libcdaudio-0.99.4.alpha.dist

   i386
      ca2ca9a7677148641f5c598be1d330b1  libcdaudio-0.99.4.i686.dist

   ppc
      f22c18b50e37e31437ba3ad44fc09d1e  libcdaudio-0.99.4.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists