Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Advisories, August 30, 2006

Aug 31, 2006, 03:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 1162-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 30th, 2006 http://www.debian.org/security/faq


Package : libmusicbrainz-2.0, libmusicbrainz-2.1
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-4197
BugTraq ID : 19508
Debian Bug : 383030

Luigi Auriemma discovered several buffer overflows in libmusicbrainz, a CD index library, that allow remote attackers to cause a denial of service or execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 2.0.2-10sarge1 and 2.1.1-3sarge1.

For the unstable distribution (sid) these problems have been fixed in version 2.1.4-1.

We recommend that you upgrade your libmusicbrainz packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2-10sarge1.diff.gz
      Size/MD5 checksum: 168247 b58a52a9461807e4b8ba7e999ab55bd0
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1-3sarge1.diff.gz
      Size/MD5 checksum: 4387 338be74d83828d003745167f65065080
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2.orig.tar.gz
      Size/MD5 checksum: 583123 28226090a5bf5bc844634e1d4faf6334
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1-3sarge1.dsc
      Size/MD5 checksum: 712 f40fe796858992908d8c9a2254111a22
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1.orig.tar.gz
      Size/MD5 checksum: 528162 4f753d93a85cf413e00f1394b8cbd269
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2-10sarge1.dsc
      Size/MD5 checksum: 805 29c7f0dc846b801f01f9bb3381ea1f34

Alpha architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_alpha.deb
      Size/MD5 checksum: 23984 a481e01bb30933b41410822356343e75
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_alpha.deb
      Size/MD5 checksum: 155482 ae7526d2f724bfca20891fb2b08d05fe
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_alpha.deb
      Size/MD5 checksum: 24016 544e21bdc17518f2c89c2dd8fcce8221
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_alpha.deb
      Size/MD5 checksum: 123686 d956c735abd512f17fd90f42a00858fa
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_alpha.deb
      Size/MD5 checksum: 23848 cc3cc2e376cb46a4f056b9640b3a53b8
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_alpha.deb
      Size/MD5 checksum: 89370 db2ca98dcaf749c3515a0e9f31ead00d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_alpha.deb
      Size/MD5 checksum: 207602 4dd8aa2842f090985611f17994da75ac
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_alpha.deb
      Size/MD5 checksum: 4780 c88c851864d979d29d21de148b28d136

AMD64 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_amd64.deb
      Size/MD5 checksum: 151400 cf5f994d240d0ea005d702b79afa3c2a
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_amd64.deb
      Size/MD5 checksum: 80102 1a84d550a88cad4619a4c48b0a92a362
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_amd64.deb
      Size/MD5 checksum: 23636 1bb091b8c621d83a85fe70de1d558001
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_amd64.deb
      Size/MD5 checksum: 4782 efb3896318b6b6c068a9cf70f5e70724
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_amd64.deb
      Size/MD5 checksum: 115810 244b8b22dd20e28edd32f3eaa2bd58ac
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_amd64.deb
      Size/MD5 checksum: 23466 6d369590afc821d0607ff5396607b466
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_amd64.deb
      Size/MD5 checksum: 106308 4dbd44c487688ea1c03801cc49b40815
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_amd64.deb
      Size/MD5 checksum: 23562 843bb47d87c0b89f317a33f484ee4de6

ARM architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_arm.deb
      Size/MD5 checksum: 206234 d29878a4480951afc9b1b30afb080aeb
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_arm.deb
      Size/MD5 checksum: 167104 cbb4571a6f07459e3bc688d47caf7751
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_arm.deb
      Size/MD5 checksum: 143252 9c67cb40525ed311d0afe0e886a4ba05
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_arm.deb
      Size/MD5 checksum: 21656 9f307679152e3881f743a8063ae71ef5
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_arm.deb
      Size/MD5 checksum: 21878 eef87ba7200b1c2762543520503d946b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_arm.deb
      Size/MD5 checksum: 4786 e6812e039a5c1fe068ab1667103e578d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_arm.deb
      Size/MD5 checksum: 21828 a93e031bbb43d22fe9520826c52e79cd
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_arm.deb
      Size/MD5 checksum: 117074 8ba47b507544adf542bc964699b80ac7

HP Precision architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_hppa.deb
      Size/MD5 checksum: 185786 8b7d9be721d6aab63b6a04510db7ae9c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_hppa.deb
      Size/MD5 checksum: 145430 ef9b9a6ad00a645818b18cfc56255c97
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_hppa.deb
      Size/MD5 checksum: 24130 e192789d6f4dc9f4ae1810b5519d3ddc
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_hppa.deb
      Size/MD5 checksum: 23814 835166d7569138fce8029f027c14780a
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_hppa.deb
      Size/MD5 checksum: 4780 c7a6a516dd37476733490f0e83d0dfad
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_hppa.deb
      Size/MD5 checksum: 96334 52d069c4fce32bc725bc9a77f545c04e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_hppa.deb
      Size/MD5 checksum: 126478 8e8257076ce5542ac8cdb06553be2819
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_hppa.deb
      Size/MD5 checksum: 24182 b0fe8cbd9f7853d7a8d861186424c52d

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_i386.deb
      Size/MD5 checksum: 82838 0ab8cceddfe08df07b305f25dbb6884f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_i386.deb
      Size/MD5 checksum: 4778 c68ec4e6dac4a786ba086e189ee2ebe2
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_i386.deb
      Size/MD5 checksum: 22090 2ebda2a4fa8b31c8d2d8b13ccecfe41f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_i386.deb
      Size/MD5 checksum: 22476 85d4989ce872a843aec0e63009ddb6d1
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_i386.deb
      Size/MD5 checksum: 22400 049309ce3c10a1a8890cfec22ee385c8
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_i386.deb
      Size/MD5 checksum: 111352 3b764c48ee0e35030e6d519a3a426294
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_i386.deb
      Size/MD5 checksum: 108792 2202e5a768805e93ed8f28880fb1060e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_i386.deb
      Size/MD5 checksum: 146590 91a4e9693e61bedf0f9904050bfda0dd

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_ia64.deb
      Size/MD5 checksum: 196746 0736d510a0fb990f87263bc57ec6e29f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_ia64.deb
      Size/MD5 checksum: 25542 b432ae1737bfa32f1f19829549000bd0
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_ia64.deb
      Size/MD5 checksum: 25926 b5329eeaa64f90664c11f9019d3a9dfd
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_ia64.deb
      Size/MD5 checksum: 4780 4e7d520ff8dc142f072431488031fba6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_ia64.deb
      Size/MD5 checksum: 153128 44fde13a03c7a40f436d23210bc619ca
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_ia64.deb
      Size/MD5 checksum: 26000 a2d52c02437728546fd1ee513b6a56f6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_ia64.deb
      Size/MD5 checksum: 138706 7bcff831394f249c612456972d8480ff
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_ia64.deb
      Size/MD5 checksum: 106676 a8abfd0252a5ed0929f6e49957b7af29

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_m68k.deb
      Size/MD5 checksum: 22474 3619fe2cc6be1748c971d03af5111a2c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_m68k.deb
      Size/MD5 checksum: 103836 e48278f3c45d64a3ade08be60807dbb1
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_m68k.deb
      Size/MD5 checksum: 22290 1057a07210dec68fb27ad85556011cfc
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_m68k.deb
      Size/MD5 checksum: 139162 5587a86130a1e805828d8a99a047712b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_m68k.deb
      Size/MD5 checksum: 22396 ef41c72e17c23c1c410dee8072b41e4b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_m68k.deb
      Size/MD5 checksum: 105084 9b339ee1c1201014c80bc0511b586f52
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_m68k.deb
      Size/MD5 checksum: 4792 9dd1fe5df6705b9fad2de29a682c72d9
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_m68k.deb
      Size/MD5 checksum: 78370 77f78f1094288437ec9a6a1850b0865d

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_mips.deb
      Size/MD5 checksum: 165728 a3eccff7424e136504e52c5a08485d0e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_mips.deb
      Size/MD5 checksum: 22204 3ed2a59ae9038650ad2a7e3a0791e6fd
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_mips.deb
      Size/MD5 checksum: 21978 68434c7188f959e1ddc06a57ec93f4dc
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_mips.deb
      Size/MD5 checksum: 126602 92f3b8127435356cee92d64f3e82330d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_mips.deb
      Size/MD5 checksum: 79366 022143635f404d04d252bd576344320f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_mips.deb
      Size/MD5 checksum: 105770 b73703386d3abc7e608b950bdd0de46c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_mips.deb
      Size/MD5 checksum: 22164 69e8fae93084d2d07659197112a7e9ab
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_mips.deb
      Size/MD5 checksum: 4784 87afa4bfc539ff744db5b1be52994658

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_mipsel.deb
      Size/MD5 checksum: 126836 ba1612416f648e552f53f3391115a347
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_mipsel.deb
      Size/MD5 checksum: 21900 97e3aacc4183b0dc943fb05f96508721
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_mipsel.deb
      Size/MD5 checksum: 4786 8c887b8e66f5c3c5a4f2a5dff72c0261
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_mipsel.deb
      Size/MD5 checksum: 165786 840d773c5997ecf01a9eb2c49f8dd67c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_mipsel.deb
      Size/MD5 checksum: 79124 e8c08f9b603230a6cfcc078b3586e757
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_mipsel.deb
      Size/MD5 checksum: 22052 ebe792748a6b7b440fc6dccc76ed2548
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_mipsel.deb
      Size/MD5 checksum: 105484 817450bc2a7cafc4d3f3bd65037a80ee
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_mipsel.deb
      Size/MD5 checksum: 22102 b9eaf668f80bd9d7ba68c52a51f83b4c

PowerPC architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_powerpc.deb
      Size/MD5 checksum: 82128 41bef977185e04ea3b747b10d4add31b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_powerpc.deb
      Size/MD5 checksum: 4788 21157ec4a7697b0538857380c40d98c6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_powerpc.deb
      Size/MD5 checksum: 119702 37be829852eb8088dc5735dce558960d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_powerpc.deb
      Size/MD5 checksum: 157740 afc6f2cb4c3ba629cd8657c84e350bb6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_powerpc.deb
      Size/MD5 checksum: 24014 3297d2fa6ce1910aaab27e3e6334dda0
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_powerpc.deb
      Size/MD5 checksum: 23736 e1915e5a128dff5983ce32cea29d83e4
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_powerpc.deb
      Size/MD5 checksum: 109158 21b1de237831f5607d053dd260b97891
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_powerpc.deb
      Size/MD5 checksum: 24046 0fe9c3e3b1a6f87285ae82216ffeffb5

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_s390.deb
      Size/MD5 checksum: 109362 ffe626e5868d43716e48cf1b9e89a06e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_s390.deb
      Size/MD5 checksum: 24412 354313e4f6bcd7e7c08dc4cde1034971
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_s390.deb
      Size/MD5 checksum: 23716 553643dcd160631b8051bc4b4d156039
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_s390.deb
      Size/MD5 checksum: 24488 2d583f716f05b48b86e3cb50cd1f2c48
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_s390.deb
      Size/MD5 checksum: 4784 bc5fa6405b07892b6cffc60f8640d989
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_s390.deb
      Size/MD5 checksum: 107408 1c6b39d3827e33c4af1c1ea4e98ccfad
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_s390.deb
      Size/MD5 checksum: 148338 026e28589d14d5632d656f87963517e3
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_s390.deb
      Size/MD5 checksum: 78782 5cf9096bc6ecac246a848494762242f6

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_sparc.deb
      Size/MD5 checksum: 4784 d087972529c2710cdb312fee1022bf9c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_sparc.deb
      Size/MD5 checksum: 22286 b35b316fca2f4be097dc174d77507084
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_sparc.deb
      Size/MD5 checksum: 113740 4875e3ce5c7c679254631ede45933e40
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_sparc.deb
      Size/MD5 checksum: 149180 df2b44489b12f10880a4cce44620bdb6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_sparc.deb
      Size/MD5 checksum: 104456 8a2b1a972123dd0ff2007a98245e2013
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_sparc.deb
      Size/MD5 checksum: 78344 95c19c8cf73ed6f1d2f64c34b21f941c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_sparc.deb
      Size/MD5 checksum: 21924 4bb94577d1558f70bc69d689e12524f6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_sparc.deb
      Size/MD5 checksum: 22250 f658a05b1e4ba44e22a377dad6f452ee

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1163-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 30th, 2006 http://www.debian.org/security/faq


Package : gtetrinet
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3125

Michael Gehring discovered several potential out-of-bounds index accesses in gtetrinet, a multiplayer Tetris-like game, which may allow a remove server to execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 0.7.8-1sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your gtetrinet package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.dsc
      Size/MD5 checksum: 1458 f0e79e08b32da17b7fec81953058bfd6
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.diff.gz
      Size/MD5 checksum: 6536 8e5ec47971abaefe25c81eddbd08df03
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8.orig.tar.gz
      Size/MD5 checksum: 513790 bff5b52ead863ac2ac859880abbab2c4

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb
      Size/MD5 checksum: 305500 ada4429dedbe5c2a6481e2a0a7c2b8aa

AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb
      Size/MD5 checksum: 295034 657a0a323a479444ed04becdd494726d

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb
      Size/MD5 checksum: 289166 7fceb7b8fd84d2e4e4792222e1ea74bf

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb
      Size/MD5 checksum: 291430 8e395773c184dfdb379342fc3805e9ce

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb
      Size/MD5 checksum: 316198 76659d5ee5072dfb30c58d9967239936

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb
      Size/MD5 checksum: 297686 c55008b4d7d679311a41a331cd3fc437

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb
      Size/MD5 checksum: 284212 9b70187f40dac186929be12f38c900dc

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb
      Size/MD5 checksum: 291736 9a30091ac2ab35a65bb4f0689dca0705

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb
      Size/MD5 checksum: 290484 1fc68ebb2e3ea41326500e6394c41a6e

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb
      Size/MD5 checksum: 293458 8b005ce2049acc89205c9aa74dd3fc4f

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb
      Size/MD5 checksum: 295194 2fc0597edcad6cc1af5d7b08c734ae08

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb
      Size/MD5 checksum: 289322 e944d44ed1aa2e9ae32d9d8571affd33

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:156
http://www.mandriva.com/security/


Package : sendmail
Date : August 30, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

Moritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail.

The updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434


Updated Packages:

Mandriva Linux 2006.0:
a870f27eea807314c3688258eed755a5 2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.i586.rpm
35666ba77272168154638784d3126e8a 2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.i586.rpm
e68900de30eb26c1ad6023b6f25feda4 2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.i586.rpm
adbdad6844cc56e002e300703dfa800f 2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.i586.rpm
8db59bc684bf7ee7b50f8d9025aa2f99 2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
1c23ae6dc8b9aad58efa1f45082bd594 x86_64/2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.x86_64.rpm
4a4d76c56fb75c24994b0e7759033462 x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.x86_64.rpm
15316c4ecd26d10f840a0e2e9cff0164 x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.x86_64.rpm
31db86ce194192d535a6adbb60f86691 x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.x86_64.rpm
8db59bc684bf7ee7b50f8d9025aa2f99 x86_64/2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

Corporate 3.0:
421f3b45e01bbb9ea6dd907a60eafd21 corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.i586.rpm
363fe7e5f501e3c638f893e3bb805889 corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.i586.rpm
efdfae3157d77708d2fdec4fdcbd2362 corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.i586.rpm
05d8e255ebe10729361bde038ab999ec corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.i586.rpm
bc7577c81a324fb8c2cb4392f9039372 corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
65d846ef86d0df8d32316c79a2b9a326 x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.x86_64.rpm
457e8e7d69b48bbeff20a54c3f01ef4d x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.x86_64.rpm
34e7e51ef099d09b4781d79b3e05be42 x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.x86_64.rpm
31d545ea1139af2b397a5e65d1b6c961 x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.x86_64.rpm
bc7577c81a324fb8c2cb4392f9039372 x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
d4f9409b6f07b43d8d28340553a42aac mnf/2.0/RPMS/sendmail-8.12.11-1.3.M20mdk.i586.rpm
f50c4ea50ac1f24431c7a693cc665e72 mnf/2.0/RPMS/sendmail-cf-8.12.11-1.3.M20mdk.i586.rpm
7b141d0baf6d3c42bc88bf9aec6c3c93 mnf/2.0/SRPMS/sendmail-8.12.11-1.3.M20mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:157
http://www.mandriva.com/security/


Package : musicbrainz
Date : August 30, 2006
Affected: 2006.0


Problem Description:

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

The updated packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4197


Updated Packages:

Mandriva Linux 2006.0:
7f958824f626937333164370204436a4 2006.0/RPMS/libmusicbrainz4-2.1.1-3.2.20060mdk.i586.rpm
2e46ed494e52fb2ef47274ffd8f89e9b 2006.0/RPMS/libmusicbrainz4-devel-2.1.1-3.2.20060mdk.i586.rpm
ed0c309b2d648ea55cadec0383ede538 2006.0/SRPMS/musicbrainz-2.1.1-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
85270a120b6da2fdfe9e72e09394a479 x86_64/2006.0/RPMS/lib64musicbrainz4-2.1.1-3.2.20060mdk.x86_64.rpm
6555da767d22f9f65ee5726f458e001a x86_64/2006.0/RPMS/lib64musicbrainz4-devel-2.1.1-3.2.20060mdk.x86_64.rpm
ed0c309b2d648ea55cadec0383ede538 x86_64/2006.0/SRPMS/musicbrainz-2.1.1-3.2.20060mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>