Conectiva Linux Advisories: mpg123, ucd-snmp

Jul 16, 2003, 15:59 (0 Talkback[s])

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE	:	mpg123
SUMMARY	:	Local buffer overflow vulnerability
DATE	:	2003-07-15 14:43:00
ID	:	CLA-2003:695
RELEVANT RELEASES	:	7.0, 8

DESCRIPTION
mpg123 is a command line mp3 player.

A vulnerability[1] in the way mpg123 handles mp3 files with a bitrate of zero may allow attackers to execute arbitrary code using a specially crafted mp3 file. This update fixes the problem.

SOLUTION
All mpg123 users should upgrade.

REFERENCES:
2.http://www.securityfocus.com/bid/6629

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mpg123-0.59r-5U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mpg123-0.59r-5U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mpg123-0.59r-7U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/mpg123-0.59r-7U80_1cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

run: apt-get update
after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE	:	ucd-snmp
SUMMARY	:	Remote heap overflow vulnerability
DATE	:	2003-07-15 15:03:00
ID	:	CLA-2003:696
RELEVANT RELEASES	:	7.0, 8

DESCRIPTION
ucd-snmp is an implementation and a set of tools to deal with the Simple Network Management Protocol (SNMP), which is used for remote administration and monitoring of network devices and services.

Axioma Security Research found[1] a remote heap overflow vulnerability[2] in snmpnetstat (a tool used to retrieve information about a remote host). When a list of interfaces is requested, a malicious server can return information in a way that will cause a heap overflow in snmpnetstat.

A remote atacker able to control a snmp server can exploit this vulnerability to execute arbitrary code with the privileges of the user running snmpnetstat.

SOLUTION
All ucd-snmp users should upgrade.

REFERENCES:
1.http://www.securityfocus.com/archive/1/248141
2.http://www.securityfocus.com/bid/3780

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

run: apt-get update
after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Top White Papers

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Conectiva Linux Advisories: mpg123, ucd-snmp