Debian: New abcmidi packages fix arbitrary code execution

    Date25 Apr 2006
    CategoryDebian
    4890
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1043-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    April 26th, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : abcmidi
    Vulnerability  : buffer overflows
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2006-1514
    
    Erik Sj�lund discovered that abcmidi-yaps, a translator for ABC music
    description files into PostScript, does not check the boundaries when
    reading in ABC music files resulting in buffer overflows.
    
    For the old stable distribution (woody) these problems have been fixed in
    version 17-1woody1.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 20050101-1sarge1.
    
    For the unstable distribution (sid) these problems will be fixed soon.
    
    We recommend that you upgrade your abcmidi-yaps package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1.dsc
          Size/MD5 checksum:      583 107476dd4ad487defacfbfd8c3a96afa
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1.diff.gz
          Size/MD5 checksum:    16851 4ae528112f985ec0ba35550020beda18
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17.orig.tar.gz
          Size/MD5 checksum:   163596 4f068a14669ad8933666224418390464
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_alpha.deb
          Size/MD5 checksum:   128232 c24867068caacbf84a41b2a9e7fa3c90
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_alpha.deb
          Size/MD5 checksum:    75578 7409e8157cbde2b3c5ee992c63484ba2
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_arm.deb
          Size/MD5 checksum:   101420 89bba26fa994a03b82673a37b2934691
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_arm.deb
          Size/MD5 checksum:    66524 3d4f68d5cb0c8fe8e0abd5598d2fab8b
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_i386.deb
          Size/MD5 checksum:    96428 17ccb81420aa822130bfefe3a269b011
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_i386.deb
          Size/MD5 checksum:    62860 d556997bb5b1ade9384a5067c27901af
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_ia64.deb
          Size/MD5 checksum:   156714 e494b5d790b98be710e5e0881421d0fb
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_ia64.deb
          Size/MD5 checksum:    92746 d55a047620de10bdf6612831724078e7
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_hppa.deb
          Size/MD5 checksum:   122528 513dcb5d2b61fc6a86bab96f3aa86e93
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_hppa.deb
          Size/MD5 checksum:    78878 bf7ed13fb36210aefd1ed9a928980bd2
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_m68k.deb
          Size/MD5 checksum:    92238 9c92fdcf7c16be04108a331d13483a00
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_m68k.deb
          Size/MD5 checksum:    57360 d8bc9d12f57494c52af4cf15b2b07c85
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_mips.deb
          Size/MD5 checksum:   125182 8cca3436e0aad25567e991e6a93d760f
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_mips.deb
          Size/MD5 checksum:    71884 432c145bdb62f4cf743aa4124b4d89d4
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_mipsel.deb
          Size/MD5 checksum:   124430 08213671a9ddaebe7fa858713fb3eb7f
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_mipsel.deb
          Size/MD5 checksum:    71998 fe477ac117017a3d1bfd743f09d8095a
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_powerpc.deb
          Size/MD5 checksum:   109436 30b7d3963c8fa8533886f121c3ed9692
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_powerpc.deb
          Size/MD5 checksum:    68702 20a761960d5961cd8ca3a55767a0d34b
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_s390.deb
          Size/MD5 checksum:   106662 f4d266bbc0d4a2dc29b49e3e8a185985
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_s390.deb
          Size/MD5 checksum:    63428 27aa8cea376b93d31c6a54fe223ff1de
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_sparc.deb
          Size/MD5 checksum:   116176 1109bc650b0f7acb938d7d6987e85249
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_sparc.deb
          Size/MD5 checksum:    69802 4df26235ffc4ee56ea8c5e86f5161f5b
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1.dsc
          Size/MD5 checksum:      600 74cac04e7657e9ccf68bd67bcf035480
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1.diff.gz
          Size/MD5 checksum:     4862 1af2c71fb21d7e0c3f2e60ab8b1d2fc7
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101.orig.tar.gz
          Size/MD5 checksum:   258937 fc1c31f21787e9af297bc6f4c6f6c4c9
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_alpha.deb
          Size/MD5 checksum:   210498 8ccc1bb8c6fcc40d63d0192ddf0d859b
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_alpha.deb
          Size/MD5 checksum:   120276 a6bb198acbdf3ca3f6d87ba265aa04e2
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_amd64.deb
          Size/MD5 checksum:   191240 c62ad4d06f2bb20c6dbbbd6304ec50d6
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_amd64.deb
          Size/MD5 checksum:   112368 3758f99ae7b5f42c466c051639ad2da4
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_arm.deb
          Size/MD5 checksum:   175272 b6bbac5297bce450d9d425859a3225dc
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_arm.deb
          Size/MD5 checksum:   108694 3784bb09cf9abbb5284b92fbae6a6a6b
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_i386.deb
          Size/MD5 checksum:   173644 663f6cd1fec90675a43b3d4b1552116b
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_i386.deb
          Size/MD5 checksum:   107938 41fb3cdba637d5a2a710ecb6672ed62b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_ia64.deb
          Size/MD5 checksum:   240806 72dd903dc8388fb40a561f6ecf6feb69
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_ia64.deb
          Size/MD5 checksum:   140168 6553d95fdde031a11b7433296f24c39e
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_hppa.deb
          Size/MD5 checksum:   198396 5c68cf5d3810a82242a142d10b1fe890
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_hppa.deb
          Size/MD5 checksum:   118444 305f9b82434fc6ce1e2ab0def0eb126a
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_m68k.deb
          Size/MD5 checksum:   159550 146f2de69b6490e777170dcffdd2dc6f
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_m68k.deb
          Size/MD5 checksum:    98368 1063016a10f14a5be30a72345c5a0253
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_mips.deb
          Size/MD5 checksum:   211522 97878ba78e7b22aaeff4bd8132a0be98
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_mips.deb
          Size/MD5 checksum:   115374 06f9bc17f963527f2468b0031c319b68
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_mipsel.deb
          Size/MD5 checksum:   210546 4422fdc2847dbac9475860dfdd870d8c
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_mipsel.deb
          Size/MD5 checksum:   115802 b52bdba0575a6477dfcf8342d4a8cd72
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_powerpc.deb
          Size/MD5 checksum:   185160 311b5b372be6992a45c7b2b27284cdae
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_powerpc.deb
          Size/MD5 checksum:   112072 e2a824f7b4524229f5f9911b4eb4bbdc
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_s390.deb
          Size/MD5 checksum:   189798 0d11c701e1059f595033b7fc3c34aa8e
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_s390.deb
          Size/MD5 checksum:   111020 292f21fcdc55aaa0fa4aa1dc7c6da8c0
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_sparc.deb
          Size/MD5 checksum:   178060 7f9837e5c63eb088d2845cad487aef2b
        http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_sparc.deb
          Size/MD5 checksum:   108698 a291dcbc19963289ca15d2a061161f6e
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.