Package name
grip
Date
2005-04-01
Advisory ID
MDKSA-2005:066
Affected versions
10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on the user's machine. The updated packages have been patched to correct these issues.

Updated packages

10.0 amd64

 dee617d6a08a063365e2e3486e534ded  amd64/10.0/RPMS/grip-3.1.4-1.1.100mdk.amd64.rpm
b37da3355866e7bcd6dcc99b46b08085  amd64/10.0/SRPMS/grip-3.1.4-1.1.100mdk.src.rpm

10.1 i586

 53c482bf56570e86946894e50193a869  10.1/RPMS/grip-3.2.0-3.1.101mdk.i586.rpm
051f5840fbc226370bdc6933bdc7de23  10.1/SRPMS/grip-3.2.0-3.1.101mdk.src.rpm

10.0 i586

 125e28ae9091cfa5852f89a025a9a886  10.0/RPMS/grip-3.1.4-1.1.100mdk.i586.rpm
b37da3355866e7bcd6dcc99b46b08085  10.0/SRPMS/grip-3.1.4-1.1.100mdk.src.rpm

CS3.0 x86_64

 bfc65d100286a4fed5c69a5ba2776b95  x86_64/corporate/3.0/RPMS/grip-3.1.4-1.1.C30mdk.x86_64.rpm
cc1f10dd7b4f31e1091cfce12602baa8  x86_64/corporate/3.0/SRPMS/grip-3.1.4-1.1.C30mdk.src.rpm

CS3.0 i586

 d98c1c3843113b7870da3a78bb13085b  corporate/3.0/RPMS/grip-3.1.4-1.1.C30mdk.i586.rpm
cc1f10dd7b4f31e1091cfce12602baa8  corporate/3.0/SRPMS/grip-3.1.4-1.1.C30mdk.src.rpm

10.1 x86_64

 58ca3a87c97206fe8d0567e3e4660e07  x86_64/10.1/RPMS/grip-3.2.0-3.1.101mdk.x86_64.rpm
051f5840fbc226370bdc6933bdc7de23  x86_64/10.1/SRPMS/grip-3.2.0-3.1.101mdk.src.rpm

References