Debian: New cheesetraceker packages fix buffer overflow
Summary
- ------------------------------------------------------------------------Debian Security Advisory DSA-1166-2 security@debian.org http://www.debian.org/security/ Steve Kemp October 13, 2006 - ------------------------------------------------------------------------Package : cheesetracker (0.9.9-1sarge1) Vulnerability : buffer overflow Problem-Type : local Debian-specific: no CVE ID : CVE-2006-3814 BugTraq ID : 20060723 Debian Bug : 380364 This update to DSA-1166 adds the architectures which were missing from the previous advisory. Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitary code. For the stable distribution (sarge) this problem has been fixed in version 0.9.9-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.9.9-6. We recommend that you upgrade your cheesetracker package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (stable) - -------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 1050496 e5a01ae14aa451723afad8e18bbe748f mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 1043988 0e4a9ee9244b41311eea39b2f90528c9 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org