lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20060802064638.18DFFFDDD@finlandia.home.infodrom.org>
Date: Wed,  2 Aug 2006 08:46:38 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Cc: 
Subject: [SECURITY] [DSA 1135-1] New libtunepimp packages
	fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1135-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
August 2nd, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libtunepimp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3600
BugTraq ID     : 18961
Debian Bug     : 378091

Kevin Kofler discovered several stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging
library, which allows remote attacers to cause a denial of service or
execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.3.0-3sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.4.2-4.

We recommend that you upgrade your libtunepimp packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc
      Size/MD5 checksum:     1030 9a4920fa648987c785ca7a90389e26d2
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz
      Size/MD5 checksum:     6370 7398c09a7d071ae47a47d8cf439f98f4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
      Size/MD5 checksum:   524889 f1f506914150c4917ec730f847ad4709

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    24890 2978735432d84c89ae7298388469f45b
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    69628 caebe7ed98abb9434b8271a6a60bbcf3
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:   183756 59e0e4beba76a472ab2871ff560e43db
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:   400968 14a5497f7e5a29c7428051f9ac1197db
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:     7514 ed92833051c36f1834d4c2e8431a995b
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    36986 3f20bf702c8afd5c515caedb3577d7c4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    37012 b397a318bf98a9b8a66e92d813ec1417

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    22574 ab767e6a192e3435808cdc3c0f2eba10
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    64662 2b13c0f10121799469f5918b9457816c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:   167846 c8a9826ed526df5f0b3db91671e86ff8
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:   309342 989a04b1b26449ccef4534d3b573da3f
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:     7062 3f59546ad6171eb57027961425008dda
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    35350 85910d25472fd6cd765c5ec70eaec73a
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    35350 ac75587d5816b4b7f4a8c297960c58de

  ARM architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    21328 f0edf637f04bc0569f7d817f7ac4c15f
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    60078 11945b07935b831ebc12850951da1814
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:   252294 1dc8ce3cacbafd0e7724c25534e8c2ac
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:   429780 d4025de16da2eeba4daf3b8c373a1972
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:     7494 4bbe28e891a9bbcc4e45f7b0fcaf3a18
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    30692 deec987c46ef0036daf8da7950250beb
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    30704 e80752d9804d728e54cc21f213ebbc85

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    21680 0a120ab21f78a77bb59cb99ca1eb1b8f
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    64192 65733e6e2b007c958edddbaa2297ed8c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:   172848 aae66182b0509ed6e9b9ef8fc1efe8e9
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:   295464 bfab73e38dd99e38b6ed3ebc7872521c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:     7384 6b0279cb428e28f0c25936f90c171e7e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    32342 815c12dc0d0bda96bcc3e9e667acdfb1
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    32346 ead31d0b6cd458c681bee2d4fc894df0

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    27032 4b4867843c38aec3e7d7cab211c50180
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    70892 51a6fc495685aa15bca597ba5d49481d
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:   229114 30d7dd79ef08c59c3dccc707ed4c4149
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:   404248 4417640aa53c74f2316f117788382668
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:     7540 86e56a9b5ba5ebac8e1ce08415c81e5c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    41274 5d65583580941d6267755c95bacd6041
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    41290 af3f7132986f4f4eea952b6bf48ab86b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    23038 70f7ff16fa268b83ec8112ea0943eef7
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    71002 d4b412a8e7367cbddde555e8bc12b5c4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:   202392 b45edc22062afbc716299c70bbde5e62
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:   372742 113319297131816655e0b4e9884c0512
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:     7388 90e1630a60eebc1316185ad3f17ecfc2
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    37312 9a1702305b151cc90c33fd037d211c40
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    37322 e664954cc2797cb6b982234f36a947fc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    21260 ad6086a9b25ca8d5fde4dbc23ce9c692
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    65180 ecaf5f32f118c3bea03ee72feb3a706a
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:   173120 94856cac57d86e7a03e3809965f0e788
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:   294810 7f8a76aabf519488b7e6f566a80cbac4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:     7362 b4328d4446b3ac504452637a6fe6bd08
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    33760 6fad71c1af6746f309fbe8ba2a6eebbe
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    33790 10d2cbfb58b42889a2c163851e99751b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    23990 dcda0902f1c1124f03e9120ebfde0bfd
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    41350 f7f8f4a0b7c25c235c6b9d8dad1d9d9c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:   161176 b7d6241896195d7f314a439b372b127e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:   327600 eafb77ad18b8856fe45476197067b8e2
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:     7488 b93b17c16646f9d2c43d3b713f0e414e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    30832 51f3c2b19ec9e12feca6094bfc1c234c
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    30830 075f88566e8bd20c7035ccb6bd5c75c1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    24010 948df50ac97f84a3e87915cf8e2e1227
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    41174 58740675d89c0d3790ec8911e465e101
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:   159904 17004743326aa4116d39a51f71205d10
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:   327466 227c0388ec56c7d150d0155ae37c4e70
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:     7506 bee85b2381fb78193452dd0b59a6ecae
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    30530 061f243e1eca9e6f26ef812964907a74
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    30550 d3e03c3944ecc11589d63c9f9cfed9f2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    24732 c9c38d154af36ad28637c763f8dcd117
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    65578 99ab71a5594f3f69c3e375da379dc530
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:   163704 8f7a6aa6a353144c23a8eed9d364251e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:   313058 e4b4d41dcea114933b79a2f0acf1e933
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:     7540 0a87f9037368c2326618c4fca8420823
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    34964 2a29738183724ddf8088457795a57044
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    34974 195aaf1a53f0419a6333e49e91b0b2cc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    22526 1193ac69323d7c312cd75793087c91b9
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    47592 e072c4b460e330972eecc8056ffdf62e
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:   164408 bacc4965dccb7825f71a52bf61216168
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:   293254 68deddeeff41080b0e13a8cab173dad0
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:     7492 1d23ac5ea74763a38833f933141dd0fa
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    37268 2cf940107c56c3864fa97013bd21598b
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    37252 ac915f3997f66e4c6a94ecee7c6cca37

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    21478 93b66545509e935ce3a8be05e71a93c5
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    64890 2bfba94ca4422855510dfd2cbdc6ce02
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:   163392 a65569a7c43e112ab422e0624a1e4bcb
    http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:   299368 c2075aa76dac67ab7c82196ae30a63c4
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:     7518 9d9f6ecf4323f7416adb06ccc22c5533
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    33272 a604ebd85536a7de80d1015114047451
    http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    33280 3d50a7091fb5ed0038956a81c0bfd828


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0EpNW5ql+IAeqTIRAnPJAJ4oPLsqagIOfSbMv7E3Nkc853YBjQCgqj6T
TfThd625vxEiVERXLAZK+K8=
=esVD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ