Paketname
libtunepimp
Datum
2006-07-18
Advisory ID
MDKSA-2006:126
Betroffene Versionen
2006.0 i586 , 2006.0 x86_64

Problembeschreibung

Kevin Kofler discovered multiple stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote
user-complicit attackers to cause a denial of service (application crash)
and possibly execute code via a long (1) Album release date
(MBE_ReleaseGetDate), (2) data, or (3) error strings.

Updated packages have been patched to correct this issue.

Aktualisierte Pakete

2006.0 i586

 fdb516cf3dea20bf1d88fdbfd14c6d5c  2006.0/RPMS/libtunepimp2-0.3.0-3.2.20060mdk.i586.rpm
 5e10b7d6d6455c3b7be8a8cc21957f04  2006.0/RPMS/libtunepimp2-devel-0.3.0-3.2.20060mdk.i586.rpm
 3eb6321a88393a9614346a7104eba2b5  2006.0/RPMS/libtunepimp2-static-devel-0.3.0-3.2.20060mdk.i586.rpm
 5dbdeb4ee582712d8fc368d37b6a0174  2006.0/RPMS/libtunepimp2-utils-0.3.0-3.2.20060mdk.i586.rpm
 05b7eb248b94c2782ae877304bdc09d2  2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm

2006.0 x86_64

 bce87a055a585ea8591cfefe5da6c6cb  x86_64/2006.0/RPMS/lib64tunepimp2-0.3.0-3.2.20060mdk.x86_64.rpm
 20a641a6086e7a752b4f52be49dc743a  x86_64/2006.0/RPMS/lib64tunepimp2-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 14cb96ff49c1607c6ddc58c097bce42f  x86_64/2006.0/RPMS/lib64tunepimp2-static-devel-0.3.0-3.2.20060mdk.x86_64.rpm
 b8910c32850f889d310cc66d7c03f99e  x86_64/2006.0/RPMS/lib64tunepimp2-utils-0.3.0-3.2.20060mdk.x86_64.rpm
 05b7eb248b94c2782ae877304bdc09d2  x86_64/2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm

Referenzen