---

Home Security

Advisories, August 30, 2006

By

Debian GNU/Linux

Debian Security Advisory DSA 1162-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 30th, 2006 http://www.debian.org/security/faq

Package : libmusicbrainz-2.0, libmusicbrainz-2.1
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-4197
BugTraq ID : 19508
Debian Bug : 383030

Luigi Auriemma discovered several buffer overflows in
libmusicbrainz, a CD index library, that allow remote attackers to
cause a denial of service or execute arbitrary code.

For the stable distribution (sarge) these problems have been
fixed in version 2.0.2-10sarge1 and 2.1.1-3sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 2.1.4-1.

We recommend that you upgrade your libmusicbrainz packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2-10sarge1.diff.gz

      Size/MD5 checksum: 168247
b58a52a9461807e4b8ba7e999ab55bd0
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1-3sarge1.diff.gz

      Size/MD5 checksum: 4387
338be74d83828d003745167f65065080
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2.orig.tar.gz

      Size/MD5 checksum: 583123
28226090a5bf5bc844634e1d4faf6334
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1-3sarge1.dsc

      Size/MD5 checksum: 712
f40fe796858992908d8c9a2254111a22
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1.orig.tar.gz

      Size/MD5 checksum: 528162
4f753d93a85cf413e00f1394b8cbd269
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2-10sarge1.dsc

      Size/MD5 checksum: 805
29c7f0dc846b801f01f9bb3381ea1f34

Alpha architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_alpha.deb

      Size/MD5 checksum: 23984
a481e01bb30933b41410822356343e75
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_alpha.deb

      Size/MD5 checksum: 155482
ae7526d2f724bfca20891fb2b08d05fe
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_alpha.deb

      Size/MD5 checksum: 24016
544e21bdc17518f2c89c2dd8fcce8221
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_alpha.deb

      Size/MD5 checksum: 123686
d956c735abd512f17fd90f42a00858fa
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_alpha.deb

      Size/MD5 checksum: 23848
cc3cc2e376cb46a4f056b9640b3a53b8
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_alpha.deb

      Size/MD5 checksum: 89370
db2ca98dcaf749c3515a0e9f31ead00d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_alpha.deb

      Size/MD5 checksum: 207602
4dd8aa2842f090985611f17994da75ac
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_alpha.deb

      Size/MD5 checksum: 4780
c88c851864d979d29d21de148b28d136

AMD64 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_amd64.deb

      Size/MD5 checksum: 151400
cf5f994d240d0ea005d702b79afa3c2a
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_amd64.deb

      Size/MD5 checksum: 80102
1a84d550a88cad4619a4c48b0a92a362
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_amd64.deb

      Size/MD5 checksum: 23636
1bb091b8c621d83a85fe70de1d558001
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_amd64.deb

      Size/MD5 checksum: 4782
efb3896318b6b6c068a9cf70f5e70724
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_amd64.deb

      Size/MD5 checksum: 115810
244b8b22dd20e28edd32f3eaa2bd58ac
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_amd64.deb

      Size/MD5 checksum: 23466
6d369590afc821d0607ff5396607b466
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_amd64.deb

      Size/MD5 checksum: 106308
4dbd44c487688ea1c03801cc49b40815
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_amd64.deb

      Size/MD5 checksum: 23562
843bb47d87c0b89f317a33f484ee4de6

ARM architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_arm.deb

      Size/MD5 checksum: 206234
d29878a4480951afc9b1b30afb080aeb
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_arm.deb

      Size/MD5 checksum: 167104
cbb4571a6f07459e3bc688d47caf7751
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_arm.deb

      Size/MD5 checksum: 143252
9c67cb40525ed311d0afe0e886a4ba05
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_arm.deb

      Size/MD5 checksum: 21656
9f307679152e3881f743a8063ae71ef5
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_arm.deb

      Size/MD5 checksum: 21878
eef87ba7200b1c2762543520503d946b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_arm.deb

      Size/MD5 checksum: 4786
e6812e039a5c1fe068ab1667103e578d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_arm.deb

      Size/MD5 checksum: 21828
a93e031bbb43d22fe9520826c52e79cd
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_arm.deb

      Size/MD5 checksum: 117074
8ba47b507544adf542bc964699b80ac7

HP Precision architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_hppa.deb

      Size/MD5 checksum: 185786
8b7d9be721d6aab63b6a04510db7ae9c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_hppa.deb

      Size/MD5 checksum: 145430
ef9b9a6ad00a645818b18cfc56255c97
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_hppa.deb

      Size/MD5 checksum: 24130
e192789d6f4dc9f4ae1810b5519d3ddc
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_hppa.deb

      Size/MD5 checksum: 23814
835166d7569138fce8029f027c14780a
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_hppa.deb

      Size/MD5 checksum: 4780
c7a6a516dd37476733490f0e83d0dfad
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_hppa.deb

      Size/MD5 checksum: 96334
52d069c4fce32bc725bc9a77f545c04e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_hppa.deb

      Size/MD5 checksum: 126478
8e8257076ce5542ac8cdb06553be2819
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_hppa.deb

      Size/MD5 checksum: 24182
b0fe8cbd9f7853d7a8d861186424c52d

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_i386.deb

      Size/MD5 checksum: 82838
0ab8cceddfe08df07b305f25dbb6884f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_i386.deb

      Size/MD5 checksum: 4778
c68ec4e6dac4a786ba086e189ee2ebe2
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_i386.deb

      Size/MD5 checksum: 22090
2ebda2a4fa8b31c8d2d8b13ccecfe41f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_i386.deb

      Size/MD5 checksum: 22476
85d4989ce872a843aec0e63009ddb6d1
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_i386.deb

      Size/MD5 checksum: 22400
049309ce3c10a1a8890cfec22ee385c8
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_i386.deb

      Size/MD5 checksum: 111352
3b764c48ee0e35030e6d519a3a426294
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_i386.deb

      Size/MD5 checksum: 108792
2202e5a768805e93ed8f28880fb1060e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_i386.deb

      Size/MD5 checksum: 146590
91a4e9693e61bedf0f9904050bfda0dd

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_ia64.deb

      Size/MD5 checksum: 196746
0736d510a0fb990f87263bc57ec6e29f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_ia64.deb

      Size/MD5 checksum: 25542
b432ae1737bfa32f1f19829549000bd0
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_ia64.deb

      Size/MD5 checksum: 25926
b5329eeaa64f90664c11f9019d3a9dfd
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_ia64.deb

      Size/MD5 checksum: 4780
4e7d520ff8dc142f072431488031fba6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_ia64.deb

      Size/MD5 checksum: 153128
44fde13a03c7a40f436d23210bc619ca
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_ia64.deb

      Size/MD5 checksum: 26000
a2d52c02437728546fd1ee513b6a56f6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_ia64.deb

      Size/MD5 checksum: 138706
7bcff831394f249c612456972d8480ff
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_ia64.deb

      Size/MD5 checksum: 106676
a8abfd0252a5ed0929f6e49957b7af29

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_m68k.deb

      Size/MD5 checksum: 22474
3619fe2cc6be1748c971d03af5111a2c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_m68k.deb

      Size/MD5 checksum: 103836
e48278f3c45d64a3ade08be60807dbb1
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_m68k.deb

      Size/MD5 checksum: 22290
1057a07210dec68fb27ad85556011cfc
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_m68k.deb

      Size/MD5 checksum: 139162
5587a86130a1e805828d8a99a047712b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_m68k.deb

      Size/MD5 checksum: 22396
ef41c72e17c23c1c410dee8072b41e4b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_m68k.deb

      Size/MD5 checksum: 105084
9b339ee1c1201014c80bc0511b586f52
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_m68k.deb

      Size/MD5 checksum: 4792
9dd1fe5df6705b9fad2de29a682c72d9
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_m68k.deb

      Size/MD5 checksum: 78370
77f78f1094288437ec9a6a1850b0865d

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_mips.deb

      Size/MD5 checksum: 165728
a3eccff7424e136504e52c5a08485d0e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_mips.deb

      Size/MD5 checksum: 22204
3ed2a59ae9038650ad2a7e3a0791e6fd
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_mips.deb

      Size/MD5 checksum: 21978
68434c7188f959e1ddc06a57ec93f4dc
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_mips.deb

      Size/MD5 checksum: 126602
92f3b8127435356cee92d64f3e82330d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_mips.deb

      Size/MD5 checksum: 79366
022143635f404d04d252bd576344320f
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_mips.deb

      Size/MD5 checksum: 105770
b73703386d3abc7e608b950bdd0de46c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_mips.deb

      Size/MD5 checksum: 22164
69e8fae93084d2d07659197112a7e9ab
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_mips.deb

      Size/MD5 checksum: 4784
87afa4bfc539ff744db5b1be52994658

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_mipsel.deb

      Size/MD5 checksum: 126836
ba1612416f648e552f53f3391115a347
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_mipsel.deb

      Size/MD5 checksum: 21900
97e3aacc4183b0dc943fb05f96508721
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_mipsel.deb

      Size/MD5 checksum: 4786
8c887b8e66f5c3c5a4f2a5dff72c0261
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_mipsel.deb

      Size/MD5 checksum: 165786
840d773c5997ecf01a9eb2c49f8dd67c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_mipsel.deb

      Size/MD5 checksum: 79124
e8c08f9b603230a6cfcc078b3586e757
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_mipsel.deb

      Size/MD5 checksum: 22052
ebe792748a6b7b440fc6dccc76ed2548
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_mipsel.deb

      Size/MD5 checksum: 105484
817450bc2a7cafc4d3f3bd65037a80ee
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_mipsel.deb

      Size/MD5 checksum: 22102
b9eaf668f80bd9d7ba68c52a51f83b4c

PowerPC architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_powerpc.deb

      Size/MD5 checksum: 82128
41bef977185e04ea3b747b10d4add31b
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_powerpc.deb

      Size/MD5 checksum: 4788
21157ec4a7697b0538857380c40d98c6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_powerpc.deb

      Size/MD5 checksum: 119702
37be829852eb8088dc5735dce558960d
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_powerpc.deb

      Size/MD5 checksum: 157740
afc6f2cb4c3ba629cd8657c84e350bb6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_powerpc.deb

      Size/MD5 checksum: 24014
3297d2fa6ce1910aaab27e3e6334dda0
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_powerpc.deb

      Size/MD5 checksum: 23736
e1915e5a128dff5983ce32cea29d83e4
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_powerpc.deb

      Size/MD5 checksum: 109158
21b1de237831f5607d053dd260b97891
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_powerpc.deb

      Size/MD5 checksum: 24046
0fe9c3e3b1a6f87285ae82216ffeffb5

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_s390.deb

      Size/MD5 checksum: 109362
ffe626e5868d43716e48cf1b9e89a06e
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_s390.deb

      Size/MD5 checksum: 24412
354313e4f6bcd7e7c08dc4cde1034971
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_s390.deb

      Size/MD5 checksum: 23716
553643dcd160631b8051bc4b4d156039
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_s390.deb

      Size/MD5 checksum: 24488
2d583f716f05b48b86e3cb50cd1f2c48
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_s390.deb

      Size/MD5 checksum: 4784
bc5fa6405b07892b6cffc60f8640d989
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_s390.deb

      Size/MD5 checksum: 107408
1c6b39d3827e33c4af1c1ea4e98ccfad
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_s390.deb

      Size/MD5 checksum: 148338
026e28589d14d5632d656f87963517e3
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_s390.deb

      Size/MD5 checksum: 78782
5cf9096bc6ecac246a848494762242f6

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_sparc.deb

      Size/MD5 checksum: 4784
d087972529c2710cdb312fee1022bf9c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_sparc.deb

      Size/MD5 checksum: 22286
b35b316fca2f4be097dc174d77507084
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_sparc.deb

      Size/MD5 checksum: 113740
4875e3ce5c7c679254631ede45933e40
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_sparc.deb

      Size/MD5 checksum: 149180
df2b44489b12f10880a4cce44620bdb6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_sparc.deb

      Size/MD5 checksum: 104456
8a2b1a972123dd0ff2007a98245e2013
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_sparc.deb

      Size/MD5 checksum: 78344
95c19c8cf73ed6f1d2f64c34b21f941c
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_sparc.deb

      Size/MD5 checksum: 21924
4bb94577d1558f70bc69d689e12524f6
    http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_sparc.deb

      Size/MD5 checksum: 22250
f658a05b1e4ba44e22a377dad6f452ee

These files will probably be moved into the stable distribution
on its next update.

Debian Security Advisory DSA 1163-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 30th, 2006 http://www.debian.org/security/faq

Package : gtetrinet
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3125

Michael Gehring discovered several potential out-of-bounds index
accesses in gtetrinet, a multiplayer Tetris-like game, which may
allow a remove server to execute arbitrary code.

For the stable distribution (sarge) these problems have been
fixed in version 0.7.8-1sarge2.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your gtetrinet package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.dsc

      Size/MD5 checksum: 1458
f0e79e08b32da17b7fec81953058bfd6
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.diff.gz

      Size/MD5 checksum: 6536
8e5ec47971abaefe25c81eddbd08df03
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8.orig.tar.gz

      Size/MD5 checksum: 513790
bff5b52ead863ac2ac859880abbab2c4

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb

      Size/MD5 checksum: 305500
ada4429dedbe5c2a6481e2a0a7c2b8aa

AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb

      Size/MD5 checksum: 295034
657a0a323a479444ed04becdd494726d

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb

      Size/MD5 checksum: 289166
7fceb7b8fd84d2e4e4792222e1ea74bf

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb

      Size/MD5 checksum: 291430
8e395773c184dfdb379342fc3805e9ce

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb

      Size/MD5 checksum: 316198
76659d5ee5072dfb30c58d9967239936

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb

      Size/MD5 checksum: 297686
c55008b4d7d679311a41a331cd3fc437

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb

      Size/MD5 checksum: 284212
9b70187f40dac186929be12f38c900dc

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb

      Size/MD5 checksum: 291736
9a30091ac2ab35a65bb4f0689dca0705

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb

      Size/MD5 checksum: 290484
1fc68ebb2e3ea41326500e6394c41a6e

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb

      Size/MD5 checksum: 293458
8b005ce2049acc89205c9aa74dd3fc4f

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb

      Size/MD5 checksum: 295194
2fc0597edcad6cc1af5d7b08c734ae08

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb

      Size/MD5 checksum: 289322
e944d44ed1aa2e9ae32d9d8571affd33

These files will probably be moved into the stable distribution
on its next update.

For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:156
http://www.mandriva.com/security/

Package : sendmail
Date : August 30, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

Moritz Jodeit discovered a vulnerability in sendmail when
processing very long header lines that could be exploited to cause
a Denial of Service by crashing sendmail.

The updated packages have been patched to correct this
issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434

Updated Packages:

Mandriva Linux 2006.0:
a870f27eea807314c3688258eed755a5
2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.i586.rpm
35666ba77272168154638784d3126e8a
2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.i586.rpm
e68900de30eb26c1ad6023b6f25feda4
2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.i586.rpm
adbdad6844cc56e002e300703dfa800f
2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.i586.rpm
8db59bc684bf7ee7b50f8d9025aa2f99
2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
1c23ae6dc8b9aad58efa1f45082bd594
x86_64/2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.x86_64.rpm
4a4d76c56fb75c24994b0e7759033462
x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.x86_64.rpm
15316c4ecd26d10f840a0e2e9cff0164
x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.x86_64.rpm

31db86ce194192d535a6adbb60f86691
x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.x86_64.rpm
8db59bc684bf7ee7b50f8d9025aa2f99
x86_64/2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

Corporate 3.0:
421f3b45e01bbb9ea6dd907a60eafd21
corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.i586.rpm
363fe7e5f501e3c638f893e3bb805889
corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.i586.rpm
efdfae3157d77708d2fdec4fdcbd2362
corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.i586.rpm
05d8e255ebe10729361bde038ab999ec
corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.i586.rpm
bc7577c81a324fb8c2cb4392f9039372
corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
65d846ef86d0df8d32316c79a2b9a326
x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.x86_64.rpm

457e8e7d69b48bbeff20a54c3f01ef4d
x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.x86_64.rpm

34e7e51ef099d09b4781d79b3e05be42
x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.x86_64.rpm

31d545ea1139af2b397a5e65d1b6c961
x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.x86_64.rpm

bc7577c81a324fb8c2cb4392f9039372
x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
d4f9409b6f07b43d8d28340553a42aac
mnf/2.0/RPMS/sendmail-8.12.11-1.3.M20mdk.i586.rpm
f50c4ea50ac1f24431c7a693cc665e72
mnf/2.0/RPMS/sendmail-cf-8.12.11-1.3.M20mdk.i586.rpm
7b141d0baf6d3c42bc88bf9aec6c3c93
mnf/2.0/SRPMS/sendmail-8.12.11-1.3.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:157
http://www.mandriva.com/security/

Package : musicbrainz
Date : August 30, 2006
Affected: 2006.0

Problem Description:

Multiple buffer overflows in libmusicbrainz (aka mb_client or
MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and
earlier, allow remote attackers to cause a denial of service
(crash) or execute arbitrary code via (1) a long Location header by
the HTTP server, which triggers an overflow in the MBHttp::Download
function in lib/http.cpp; and (2) a long URL in RDF data, as
demonstrated by a URL in an rdf:resource field in an RDF XML
document, which triggers overflows in many functions in
lib/rdfparse.c.

The updated packages have been patched to correct this
issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4197

Updated Packages:

Mandriva Linux 2006.0:
7f958824f626937333164370204436a4
2006.0/RPMS/libmusicbrainz4-2.1.1-3.2.20060mdk.i586.rpm
2e46ed494e52fb2ef47274ffd8f89e9b
2006.0/RPMS/libmusicbrainz4-devel-2.1.1-3.2.20060mdk.i586.rpm
ed0c309b2d648ea55cadec0383ede538
2006.0/SRPMS/musicbrainz-2.1.1-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
85270a120b6da2fdfe9e72e09394a479
x86_64/2006.0/RPMS/lib64musicbrainz4-2.1.1-3.2.20060mdk.x86_64.rpm

6555da767d22f9f65ee5726f458e001a
x86_64/2006.0/RPMS/lib64musicbrainz4-devel-2.1.1-3.2.20060mdk.x86_64.rpm

ed0c309b2d648ea55cadec0383ede538
x86_64/2006.0/SRPMS/musicbrainz-2.1.1-3.2.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.