Paketname
musicbrainz
Datum
2006-09-28
Advisory ID
MDKSA-2006:157-1
Betroffene Versionen
2007.0 x86_64 , 2007.0 i586

Problembeschreibung

Multiple buffer overflows in libmusicbrainz (aka mb_client or
MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and
earlier, allow remote attackers to cause a denial of service (crash) or
execute arbitrary code via (1) a long Location header by the HTTP
server, which triggers an overflow in the MBHttp::Download function in
lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL
in an rdf:resource field in an RDF XML document, which triggers
overflows in many functions in lib/rdfparse.c.

The updated packages have been patched to correct this issue.

Update:

Packages are now available for Mandriva Linux 2007.

Aktualisierte Pakete

2007.0 x86_64

 db2a146cdfe148918466821ebf4b91df  2007.0/x86_64/lib64musicbrainz4-2.1.3-1.1mdv2007.0.x86_64.rpm
 e0fc3bd55e63e77ead8c163aa3c8ca50  2007.0/x86_64/lib64musicbrainz4-devel-2.1.3-1.1mdv2007.0.x86_64.rpm
 e85b97f1b561d7699cf918e005b0f7a0  2007.0/x86_64/python-musicbrainz-2.1.3-1.1mdv2007.0.x86_64.rpm 
 afa5cb48e3700cade99e436ed34c0949  2007.0/SRPMS/musicbrainz-2.1.3-1.1mdv2007.0.src.rpm

2007.0 i586

 73a88b181ad4f3f3dbfc68c2b66b3ed8  2007.0/i586/libmusicbrainz4-2.1.3-1.1mdv2007.0.i586.rpm
 3cba7290aac1c3f04f0e77e96f791a1f  2007.0/i586/libmusicbrainz4-devel-2.1.3-1.1mdv2007.0.i586.rpm
 4ec74f67c8d272f163c7f1be738a7da7  2007.0/i586/python-musicbrainz-2.1.3-1.1mdv2007.0.i586.rpm 
 afa5cb48e3700cade99e436ed34c0949  2007.0/SRPMS/musicbrainz-2.1.3-1.1mdv2007.0.src.rpm

Referenzen