|
|
| Problem Description |
Kevin Kofler discovered multiple stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote
user-complicit attackers to cause a denial of service (application crash)
and possibly execute code via a long (1) Album release date
(MBE_ReleaseGetDate), (2) data, or (3) error strings.
Updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2006
fdb516cf3dea20bf1d88fdbfd14c6d5c 2006.0/RPMS/libtunepimp2-0.3.0-3.2.20060mdk.i586.rpm 5e10b7d6d6455c3b7be8a8cc21957f04 2006.0/RPMS/libtunepimp2-devel-0.3.0-3.2.20060mdk.i586.rpm 3eb6321a88393a9614346a7104eba2b5 2006.0/RPMS/libtunepimp2-static-devel-0.3.0-3.2.20060mdk.i586.rpm 5dbdeb4ee582712d8fc368d37b6a0174 2006.0/RPMS/libtunepimp2-utils-0.3.0-3.2.20060mdk.i586.rpm 05b7eb248b94c2782ae877304bdc09d2 2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
bce87a055a585ea8591cfefe5da6c6cb x86_64/2006.0/RPMS/lib64tunepimp2-0.3.0-3.2.20060mdk.x86_64.rpm 20a641a6086e7a752b4f52be49dc743a x86_64/2006.0/RPMS/lib64tunepimp2-devel-0.3.0-3.2.20060mdk.x86_64.rpm 14cb96ff49c1607c6ddc58c097bce42f x86_64/2006.0/RPMS/lib64tunepimp2-static-devel-0.3.0-3.2.20060mdk.x86_64.rpm b8910c32850f889d310cc66d7c03f99e x86_64/2006.0/RPMS/lib64tunepimp2-utils-0.3.0-3.2.20060mdk.x86_64.rpm 05b7eb248b94c2782ae877304bdc09d2 x86_64/2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.