Message-Id: <E1LwXSz-0001Kh-0S@titan.mandriva.com>
Date: Wed, 22 Apr 2009 10:06:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:093 ] mpg123


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:093
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mpg123
 Date    : April 22, 2009
 Affected: 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in mpg123:
 
 Integer signedness error in the store_id3_text function in the
 ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a
 denial of service (out-of-bounds memory access) and possibly execute
 arbitrary code via an ID3 tag with a negative encoding value.  NOTE:
 some of these details are obtained from third party information
 (CVE-2009-1301).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 841bd47d2b98cea2d6599b06b8f37941  2008.1/i586/libmpg123_0-1.3.0-2.1mdv2008.1.i586.rpm
 e12f7c088f18cd8bb23fbe020110c549  2008.1/i586/libmpg123-devel-1.3.0-2.1mdv2008.1.i586.rpm
 b34bad8d5898df44ac1d0bec68e89177  2008.1/i586/mpg123-1.3.0-2.1mdv2008.1.i586.rpm
 07e785c76d1966af59261e15444c7bd5  2008.1/i586/mpg123-arts-1.3.0-2.1mdv2008.1.i586.rpm
 4062000a7af212ca1966207ffbe5801e  2008.1/i586/mpg123-esd-1.3.0-2.1mdv2008.1.i586.rpm
 1bba6b00c83a8286d025af3610ca3aae  2008.1/i586/mpg123-jack-1.3.0-2.1mdv2008.1.i586.rpm
 ca8cecc89792bb9a642eea1cb998b6ed  2008.1/i586/mpg123-nas-1.3.0-2.1mdv2008.1.i586.rpm
 06d2112fd4e1ee796b58449344e68c62  2008.1/i586/mpg123-portaudio-1.3.0-2.1mdv2008.1.i586.rpm
 6b59b19a0762c7758e95886ab0beee84  2008.1/i586/mpg123-pulse-1.3.0-2.1mdv2008.1.i586.rpm
 e8a971e1baabaaa3b537bf09a41a60a9  2008.1/i586/mpg123-sdl-1.3.0-2.1mdv2008.1.i586.rpm 
 7f2b01f872bef312145e9457d40915e0  2008.1/SRPMS/mpg123-1.3.0-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 80de2daf3547f24a55b11eb4081d8764  2008.1/x86_64/lib64mpg123_0-1.3.0-2.1mdv2008.1.x86_64.rpm
 f316f27f7c2649ab4a11d370fdd77a57  2008.1/x86_64/lib64mpg123-devel-1.3.0-2.1mdv2008.1.x86_64.rpm
 fbf5a5cb6f12573a918cc65087aaf886  2008.1/x86_64/mpg123-1.3.0-2.1mdv2008.1.x86_64.rpm
 ff1337fe890fd39ba17e78446d594501  2008.1/x86_64/mpg123-arts-1.3.0-2.1mdv2008.1.x86_64.rpm
 45cbe7842f7ad497d5a199e1b0965682  2008.1/x86_64/mpg123-esd-1.3.0-2.1mdv2008.1.x86_64.rpm
 603a552d7c630b8978976dd685cd26b5  2008.1/x86_64/mpg123-jack-1.3.0-2.1mdv2008.1.x86_64.rpm
 9921ffe979eabac108a1a36e4b0d5dd2  2008.1/x86_64/mpg123-nas-1.3.0-2.1mdv2008.1.x86_64.rpm
 68a74b613c67555f17784d5c4713648c  2008.1/x86_64/mpg123-portaudio-1.3.0-2.1mdv2008.1.x86_64.rpm
 72a05a1eebcc661707399d8d6f331ba1  2008.1/x86_64/mpg123-pulse-1.3.0-2.1mdv2008.1.x86_64.rpm
 c8c753e156be443afba158363dd3e39a  2008.1/x86_64/mpg123-sdl-1.3.0-2.1mdv2008.1.x86_64.rpm 
 7f2b01f872bef312145e9457d40915e0  2008.1/SRPMS/mpg123-1.3.0-2.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 55d2e58aac27199d56fafa090f304e1d  2009.0/i586/libmpg123_0-1.5.1-1.1mdv2009.0.i586.rpm
 12c5fd3ed53e3acde2fd864adb71f3a2  2009.0/i586/libmpg123-devel-1.5.1-1.1mdv2009.0.i586.rpm
 bdd8379acaf7ee7ae7cab0f33171894e  2009.0/i586/mpg123-1.5.1-1.1mdv2009.0.i586.rpm
 1cf33578ede2faf231beb65ba87d44f6  2009.0/i586/mpg123-arts-1.5.1-1.1mdv2009.0.i586.rpm
 fb3a2408082c979e8c0113f4f75bd2ae  2009.0/i586/mpg123-esd-1.5.1-1.1mdv2009.0.i586.rpm
 6cf812ce20e713b3348da94148591531  2009.0/i586/mpg123-jack-1.5.1-1.1mdv2009.0.i586.rpm
 cf104d9c646ad25aa3f8fdfe2397d7a1  2009.0/i586/mpg123-nas-1.5.1-1.1mdv2009.0.i586.rpm
 25deb84bde82e41deb31bfa2baaa081a  2009.0/i586/mpg123-portaudio-1.5.1-1.1mdv2009.0.i586.rpm
 278145ef704f391efa4d47b1b6560797  2009.0/i586/mpg123-pulse-1.5.1-1.1mdv2009.0.i586.rpm
 12249c606e9091db23e7e8679cc62a59  2009.0/i586/mpg123-sdl-1.5.1-1.1mdv2009.0.i586.rpm 
 33c0c1eca9214ae675ee64e5f60a5680  2009.0/SRPMS/mpg123-1.5.1-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 55456399081d421116e15fb5c6142047  2009.0/x86_64/lib64mpg123_0-1.5.1-1.1mdv2009.0.x86_64.rpm
 61ee85441821a474afc3c5bbc078fe3a  2009.0/x86_64/lib64mpg123-devel-1.5.1-1.1mdv2009.0.x86_64.rpm
 a6862814757d750351cf2e5ae2a63513  2009.0/x86_64/mpg123-1.5.1-1.1mdv2009.0.x86_64.rpm
 9dd1fe35d257e3b572f62a1b84973539  2009.0/x86_64/mpg123-arts-1.5.1-1.1mdv2009.0.x86_64.rpm
 9c3352756eb2d47674b78c06d64af245  2009.0/x86_64/mpg123-esd-1.5.1-1.1mdv2009.0.x86_64.rpm
 6861a571d67491f5f682f28ba20791b0  2009.0/x86_64/mpg123-jack-1.5.1-1.1mdv2009.0.x86_64.rpm
 d68a98de48576e1ae59ff7416310722d  2009.0/x86_64/mpg123-nas-1.5.1-1.1mdv2009.0.x86_64.rpm
 41300cdbaecbb9076be86523c02fcd02  2009.0/x86_64/mpg123-portaudio-1.5.1-1.1mdv2009.0.x86_64.rpm
 f5cfbb7a0924144907727d3243dc36bb  2009.0/x86_64/mpg123-pulse-1.5.1-1.1mdv2009.0.x86_64.rpm
 7a4befb77ac872c102d62b479729c4bf  2009.0/x86_64/mpg123-sdl-1.5.1-1.1mdv2009.0.x86_64.rpm 
 33c0c1eca9214ae675ee64e5f60a5680  2009.0/SRPMS/mpg123-1.5.1-1.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ7qQEmqjQ0CJFipgRAnQaAJ9IYBt9io4Hoyc6DgGQU5JeISRAcACgq5I0
uYhyYA9o/xPZaC6JwH9irQQ=
=st9Z
-----END PGP SIGNATURE-----
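
The bug class named in the advisory (an integer signedness error on an ID3 text-encoding value), shown as an added illustration that is not mpg123's source and not part of the original message. The names flawed_check, hardened_check and enc_width and the sample bytes are hypothetical, and the sketch assumes the encoding is the first byte of the frame body and is used to index a four-entry table.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes per code unit for the ID3v2 text encodings 0..3:
   ISO-8859-1, UTF-16 with BOM, UTF-16BE, UTF-8. */
static const int enc_width[4] = { 1, 2, 2, 1 };

/* Flawed pattern: the encoding byte is held in a signed type and only the
   upper bound is tested, so bytes 0x80..0xFF (negative once signed) pass.
   Returns 1 if the frame is accepted and stores the index that would be
   used on enc_width; the lookup is deliberately not performed here. */
int flawed_check(const unsigned char *body, size_t len, int *index)
{
    if (len < 1) return 0;
    signed char encoding = (signed char)body[0];
    if (encoding > 3) return 0;          /* missing: encoding < 0 */
    *index = encoding;
    return 1;
}

/* Hardened pattern: keep the byte unsigned so one comparison bounds it on
   both sides, then do the lookup. Returns 1 and stores the width, else 0. */
int hardened_check(const unsigned char *body, size_t len, int *width)
{
    if (len < 1) return 0;
    unsigned char encoding = body[0];
    if (encoding > 3) return 0;
    *width = enc_width[encoding];
    return 1;
}

/* Constructed sample frame bodies (not taken from any real file). */
static const unsigned char sample_ok[]  = { 0x01, 0xFF, 0xFE, 'A', 0x00 };
static const unsigned char sample_bad[] = { 0xFF, 'A' };

int main(void)
{
    int v = 0;
    if (flawed_check(sample_bad, sizeof sample_bad, &v))
        printf("flawed check accepts encoding 0xFF as index %d\n", v);
    if (!hardened_check(sample_bad, sizeof sample_bad, &v))
        printf("hardened check rejects encoding 0xFF\n");
    if (hardened_check(sample_ok, sizeof sample_ok, &v))
        printf("UTF-16 frame accepted, width %d\n", v);
    return 0;
}
```

Building with -Wsign-compare and -Wconversion, and running parsers of untrusted tags under AddressSanitizer, helps surface this pattern during review and testing.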
