lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1G2zzo-0004vu-4U@mercury.mandriva.com>
Date: Tue, 18 Jul 2006 18:33:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:126
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtunepimp
 Date    : July 18, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Kevin Kofler discovered multiple stack-based buffer overflows in the 
 LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote 
 user-complicit attackers to cause a denial of service (application crash) 
 and possibly execute code via a long (1) Album release date 
 (MBE_ReleaseGetDate), (2) data, or (3) error strings.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 fdb516cf3dea20bf1d88fdbfd14c6d5c  2006.0/RPMS/libtunepimp2-0.3.0-3.2.20060mdk.i586.rpm
 5e10b7d6d6455c3b7be8a8cc21957f04  2006.0/RPMS/libtunepimp2-devel-0.3.0-3.2.20060mdk.i586.rpm
 3eb6321a88393a9614346a7104eba2b5  2006.0/RPMS/libtunepimp2-static-devel-0.3.0-3.2.20060mdk.i586.rpm
 5dbdeb4ee582712d8fc368d37b6a0174  2006.0/RPMS/libtunepimp2-utils-0.3.0-3.2.20060mdk.i586.rpm
 05b7eb248b94c2782ae877304bdc09d2  2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bce87a055a585ea8591cfefe5da6c6cb  x86_64/2006.0/RPMS/lib64tunepimp2-0.3.0-3.2.20060mdk.x86_64.rpm
 20a641a6086e7a752b4f52be49dc743a  x86_64/2006.0/RPMS/lib64tunepimp2-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 14cb96ff49c1607c6ddc58c097bce42f  x86_64/2006.0/RPMS/lib64tunepimp2-static-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 b8910c32850f889d310cc66d7c03f99e  x86_64/2006.0/RPMS/lib64tunepimp2-utils-0.3.0-3.2.20060mdk.x86_64.rpm
 05b7eb248b94c2782ae877304bdc09d2  x86_64/2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvVOqmqjQ0CJFipgRAmT/AJwN6lZ2N9vVrCTCfeu+P4GCqYrvWACfbQWw
ymaorFMK/yxskvkYtm/e7XI=
=AIkB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ