<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:126
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtunepimp
 Date    : July 18, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Kevin Kofler discovered multiple stack-based buffer overflows in the 
 LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote 
 user-complicit attackers to cause a denial of service (application crash) 
 and possibly execute code via a long (1) Album release date 
 (MBE_ReleaseGetDate), (2) data, or (3) error strings.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 fdb516cf3dea20bf1d88fdbfd14c6d5c  
2006.0/RPMS/libtunepimp2-0.3.0-3.2.20060mdk.i586.rpm
 5e10b7d6d6455c3b7be8a8cc21957f04  
2006.0/RPMS/libtunepimp2-devel-0.3.0-3.2.20060mdk.i586.rpm
 3eb6321a88393a9614346a7104eba2b5  
2006.0/RPMS/libtunepimp2-static-devel-0.3.0-3.2.20060mdk.i586.rpm
 5dbdeb4ee582712d8fc368d37b6a0174  
2006.0/RPMS/libtunepimp2-utils-0.3.0-3.2.20060mdk.i586.rpm
 05b7eb248b94c2782ae877304bdc09d2  
2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bce87a055a585ea8591cfefe5da6c6cb  
x86_64/2006.0/RPMS/lib64tunepimp2-0.3.0-3.2.20060mdk.x86_64.rpm
 20a641a6086e7a752b4f52be49dc743a  
x86_64/2006.0/RPMS/lib64tunepimp2-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 14cb96ff49c1607c6ddc58c097bce42f  
x86_64/2006.0/RPMS/lib64tunepimp2-static-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 b8910c32850f889d310cc66d7c03f99e  
x86_64/2006.0/RPMS/lib64tunepimp2-utils-0.3.0-3.2.20060mdk.x86_64.rpm
 05b7eb248b94c2782ae877304bdc09d2  
x86_64/2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvVOqmqjQ0CJFipgRAmT/AJwN6lZ2N9vVrCTCfeu+P4GCqYrvWACfbQWw
ymaorFMK/yxskvkYtm/e7XI=
=AIkB
-----END PGP SIGNATURE-----