[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20060802064638.18DFFFDDD@finlandia.home.infodrom.org>
Date: Wed, 2 Aug 2006 08:46:38 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Cc:
Subject: [SECURITY] [DSA 1135-1] New libtunepimp packages
fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1135-1 security@...ian.org
http://www.debian.org/security/ Martin Schulze
August 2nd, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : libtunepimp
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3600
BugTraq ID : 18961
Debian Bug : 378091
Kevin Kofler discovered several stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging
library, which allows remote attacers to cause a denial of service or
execute arbitrary code.
For the stable distribution (sarge) these problems have been fixed in
version 0.3.0-3sarge2.
For the unstable distribution (sid) these problems have been fixed in
version 0.4.2-4.
We recommend that you upgrade your libtunepimp packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc
Size/MD5 checksum: 1030 9a4920fa648987c785ca7a90389e26d2
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz
Size/MD5 checksum: 6370 7398c09a7d071ae47a47d8cf439f98f4
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
Size/MD5 checksum: 524889 f1f506914150c4917ec730f847ad4709
Alpha architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 24890 2978735432d84c89ae7298388469f45b
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 69628 caebe7ed98abb9434b8271a6a60bbcf3
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 183756 59e0e4beba76a472ab2871ff560e43db
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 400968 14a5497f7e5a29c7428051f9ac1197db
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 7514 ed92833051c36f1834d4c2e8431a995b
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 36986 3f20bf702c8afd5c515caedb3577d7c4
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
Size/MD5 checksum: 37012 b397a318bf98a9b8a66e92d813ec1417
AMD64 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 22574 ab767e6a192e3435808cdc3c0f2eba10
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 64662 2b13c0f10121799469f5918b9457816c
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 167846 c8a9826ed526df5f0b3db91671e86ff8
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 309342 989a04b1b26449ccef4534d3b573da3f
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 7062 3f59546ad6171eb57027961425008dda
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 35350 85910d25472fd6cd765c5ec70eaec73a
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
Size/MD5 checksum: 35350 ac75587d5816b4b7f4a8c297960c58de
ARM architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 21328 f0edf637f04bc0569f7d817f7ac4c15f
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 60078 11945b07935b831ebc12850951da1814
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 252294 1dc8ce3cacbafd0e7724c25534e8c2ac
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 429780 d4025de16da2eeba4daf3b8c373a1972
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 7494 4bbe28e891a9bbcc4e45f7b0fcaf3a18
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 30692 deec987c46ef0036daf8da7950250beb
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
Size/MD5 checksum: 30704 e80752d9804d728e54cc21f213ebbc85
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 21680 0a120ab21f78a77bb59cb99ca1eb1b8f
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 64192 65733e6e2b007c958edddbaa2297ed8c
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 172848 aae66182b0509ed6e9b9ef8fc1efe8e9
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 295464 bfab73e38dd99e38b6ed3ebc7872521c
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 7384 6b0279cb428e28f0c25936f90c171e7e
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 32342 815c12dc0d0bda96bcc3e9e667acdfb1
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
Size/MD5 checksum: 32346 ead31d0b6cd458c681bee2d4fc894df0
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 27032 4b4867843c38aec3e7d7cab211c50180
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 70892 51a6fc495685aa15bca597ba5d49481d
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 229114 30d7dd79ef08c59c3dccc707ed4c4149
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 404248 4417640aa53c74f2316f117788382668
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 7540 86e56a9b5ba5ebac8e1ce08415c81e5c
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 41274 5d65583580941d6267755c95bacd6041
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
Size/MD5 checksum: 41290 af3f7132986f4f4eea952b6bf48ab86b
HP Precision architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 23038 70f7ff16fa268b83ec8112ea0943eef7
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 71002 d4b412a8e7367cbddde555e8bc12b5c4
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 202392 b45edc22062afbc716299c70bbde5e62
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 372742 113319297131816655e0b4e9884c0512
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 7388 90e1630a60eebc1316185ad3f17ecfc2
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 37312 9a1702305b151cc90c33fd037d211c40
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
Size/MD5 checksum: 37322 e664954cc2797cb6b982234f36a947fc
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 21260 ad6086a9b25ca8d5fde4dbc23ce9c692
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 65180 ecaf5f32f118c3bea03ee72feb3a706a
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 173120 94856cac57d86e7a03e3809965f0e788
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 294810 7f8a76aabf519488b7e6f566a80cbac4
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 7362 b4328d4446b3ac504452637a6fe6bd08
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 33760 6fad71c1af6746f309fbe8ba2a6eebbe
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
Size/MD5 checksum: 33790 10d2cbfb58b42889a2c163851e99751b
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 23990 dcda0902f1c1124f03e9120ebfde0bfd
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 41350 f7f8f4a0b7c25c235c6b9d8dad1d9d9c
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 161176 b7d6241896195d7f314a439b372b127e
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 327600 eafb77ad18b8856fe45476197067b8e2
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 7488 b93b17c16646f9d2c43d3b713f0e414e
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 30832 51f3c2b19ec9e12feca6094bfc1c234c
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
Size/MD5 checksum: 30830 075f88566e8bd20c7035ccb6bd5c75c1
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 24010 948df50ac97f84a3e87915cf8e2e1227
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 41174 58740675d89c0d3790ec8911e465e101
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 159904 17004743326aa4116d39a51f71205d10
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 327466 227c0388ec56c7d150d0155ae37c4e70
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 7506 bee85b2381fb78193452dd0b59a6ecae
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 30530 061f243e1eca9e6f26ef812964907a74
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
Size/MD5 checksum: 30550 d3e03c3944ecc11589d63c9f9cfed9f2
PowerPC architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 24732 c9c38d154af36ad28637c763f8dcd117
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 65578 99ab71a5594f3f69c3e375da379dc530
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 163704 8f7a6aa6a353144c23a8eed9d364251e
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 313058 e4b4d41dcea114933b79a2f0acf1e933
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 7540 0a87f9037368c2326618c4fca8420823
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 34964 2a29738183724ddf8088457795a57044
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
Size/MD5 checksum: 34974 195aaf1a53f0419a6333e49e91b0b2cc
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 22526 1193ac69323d7c312cd75793087c91b9
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 47592 e072c4b460e330972eecc8056ffdf62e
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 164408 bacc4965dccb7825f71a52bf61216168
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 293254 68deddeeff41080b0e13a8cab173dad0
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 7492 1d23ac5ea74763a38833f933141dd0fa
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 37268 2cf940107c56c3864fa97013bd21598b
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
Size/MD5 checksum: 37252 ac915f3997f66e4c6a94ecee7c6cca37
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 21478 93b66545509e935ce3a8be05e71a93c5
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 64890 2bfba94ca4422855510dfd2cbdc6ce02
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 163392 a65569a7c43e112ab422e0624a1e4bcb
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 299368 c2075aa76dac67ab7c82196ae30a63c4
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 7518 9d9f6ecf4323f7416adb06ccc22c5533
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 33272 a604ebd85536a7de80d1015114047451
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
Size/MD5 checksum: 33280 3d50a7091fb5ed0038956a81c0bfd828
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFE0EpNW5ql+IAeqTIRAnPJAJ4oPLsqagIOfSbMv7E3Nkc853YBjQCgqj6T
TfThd625vxEiVERXLAZK+K8=
=esVD
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists