Linux Today: Linux News On Internet Time.

Conectiva Linux Advisories: mpg123, ucd-snmp

Jul 16, 2003, 15:59

CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : mpg123
SUMMARY : Local buffer overflow vulnerability
DATE : 2003-07-15 14:43:00
ID : CLA-2003:695
RELEVANT RELEASES : 7.0, 8

DESCRIPTION
mpg123 is a command line mp3 player.

A vulnerability[1] in the way mpg123 handles mp3 files with a bitrate of zero may allow attackers to execute arbitrary code using a specially crafted mp3 file. This update fixes the problem.
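The advisory does not describe the faulty code path. As an added example (not code from mpg123 or from Conectiva), this is the kind of header check a decoder can apply so that a bitrate of zero never reaches the frame-length arithmetic. The helper name, status codes and size limit are hypothetical; the tables are the standard MPEG-1 Layer III values and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard MPEG-1 Layer III tables: bitrate index 0 is "free format" (0 kbit/s
 * in the table); bitrate index 15 and sample-rate index 3 are reserved. */
static const int kBitrateKbps[16] = { 0, 32, 40, 48, 56, 64, 80, 96,
                                      112, 128, 160, 192, 224, 256, 320, -1 };
static const int kSampleRateHz[4] = { 44100, 48000, 32000, -1 };

#define MAX_FRAME_BYTES 1441L /* 144 * 320000 / 32000, plus one padding byte */

enum hdr_status { HDR_OK, HDR_SHORT, HDR_NOSYNC, HDR_UNSUPPORTED,
                  HDR_BAD_BITRATE, HDR_BAD_RATE, HDR_BAD_LENGTH };

/* Hypothetical helper: validate a 4-byte frame header and report the total
 * frame length (header included). *frame_len is written only on HDR_OK. */
enum hdr_status check_frame_header(const uint8_t *buf, size_t avail,
                                   size_t *frame_len)
{
    if (avail < 4) return HDR_SHORT;
    if (buf[0] != 0xFF || (buf[1] & 0xE0) != 0xE0) return HDR_NOSYNC;
    /* Version bits 11 = MPEG-1, layer bits 01 = Layer III. */
    if (((buf[1] >> 3) & 0x3) != 0x3 || ((buf[1] >> 1) & 0x3) != 0x1)
        return HDR_UNSUPPORTED;

    int br_idx  = (buf[2] >> 4) & 0xF;
    int sr_idx  = (buf[2] >> 2) & 0x3;
    int padding = (buf[2] >> 1) & 0x1;
    if (br_idx == 0 || br_idx == 15) return HDR_BAD_BITRATE; /* zero or reserved */
    if (sr_idx == 3) return HDR_BAD_RATE;

    long len = 144L * kBitrateKbps[br_idx] * 1000L / kSampleRateHz[sr_idx] + padding;
    if (len <= 4 || len > MAX_FRAME_BYTES) return HDR_BAD_LENGTH; /* defence in depth */
    *frame_len = (size_t)len;
    return HDR_OK;
}

int main(void)
{
    /* Constructed headers: 128 kbit/s at 44.1 kHz, then the same with bitrate index 0. */
    const uint8_t good[4] = { 0xFF, 0xFB, 0x90, 0x00 };
    const uint8_t zero[4] = { 0xFF, 0xFB, 0x00, 0x00 };
    size_t len = 0;
    printf("good: status %d, ", check_frame_header(good, 4, &len));
    printf("length %zu\n", len);
    printf("zero bitrate: status %d\n", check_frame_header(zero, 4, &len));
    return 0;
}
```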

SOLUTION
All mpg123 users should upgrade.

REFERENCES:
2. http://www.securityfocus.com/bid/6629

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mpg123-0.59r-5U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mpg123-0.59r-5U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mpg123-0.59r-7U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/mpg123-0.59r-7U80_1cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ucd-snmp
SUMMARY : Remote heap overflow vulnerability
DATE : 2003-07-15 15:03:00
ID : CLA-2003:696
RELEVANT RELEASES : 7.0, 8

DESCRIPTION
ucd-snmp is an implementation and a set of tools to deal with the Simple Network Management Protocol (SNMP), which is used for remote administration and monitoring of network devices and services.

Axioma Security Research found[1] a remote heap overflow vulnerability[2] in snmpnetstat (a tool used to retrieve information about a remote host). When a list of interfaces is requested, a malicious server can return information in a way that will cause a heap overflow in snmpnetstat.

A remote attacker able to control an SNMP server can exploit this vulnerability to execute arbitrary code with the privileges of the user running snmpnetstat.

SOLUTION
All ucd-snmp users should upgrade.

REFERENCES:
1. http://www.securityfocus.com/archive/1/248141
2. http://www.securityfocus.com/bid/3780

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ucd-snmp-4.2.3-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/ucd-snmp-4.2.3-4U80_1cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

