Package name
Advisory ID
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

Multiple buffer overflows in libmusicbrainz (aka mb_client or
MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and
earlier, allow remote attackers to cause a denial of service (crash)
or execute arbitrary code via (1) a long Location header by the HTTP
server, which triggers an overflow in the MBHttp::Download function in
lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL
in an rdf:resource field in an RDF XML document, which triggers
overflows in many functions in lib/rdfparse.c.

The updated packages have been patched to correct this issue.

Updated packages

2006.0 i586

 7f958824f626937333164370204436a4  2006.0/RPMS/libmusicbrainz4-2.1.1-3.2.20060mdk.i586.rpm
 2e46ed494e52fb2ef47274ffd8f89e9b  2006.0/RPMS/libmusicbrainz4-devel-2.1.1-3.2.20060mdk.i586.rpm
 ed0c309b2d648ea55cadec0383ede538  2006.0/SRPMS/musicbrainz-2.1.1-3.2.20060mdk.src.rpm

2006.0 x86_64

 85270a120b6da2fdfe9e72e09394a479  x86_64/2006.0/RPMS/lib64musicbrainz4-2.1.1-3.2.20060mdk.x86_64.rpm
 6555da767d22f9f65ee5726f458e001a  x86_64/2006.0/RPMS/lib64musicbrainz4-devel-2.1.1-3.2.20060mdk.x86_64.rpm
 ed0c309b2d648ea55cadec0383ede538  x86_64/2006.0/SRPMS/musicbrainz-2.1.1-3.2.20060mdk.src.rpm