Linux Security
    Linux Security
    Linux Security

    Debian: id3lib3.8.3 fix denial of service DSA-1365-1

    Date 01 Sep 2007
    Posted By LinuxSecurity Advisories
    Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1365-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                         Moritz Muehlenhoff
    September 1st, 2007           
    - --------------------------------------------------------------------------
    Package        : id3lib3.8.3
    Vulnerability  : programming error
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CVE-2007-4460
    Debian Bug     : 438540
    Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
    Library, may lead to denial of service through symlink attacks.
    For the oldstable distribution (sarge) this problem has been fixed in
    version 3.8.3-4.1sarge1.
    Due to a technical limitation in the archive management scripts the fix
    for the stable distribution (etch) can only be released in a few days.
    For the unstable distribution (sid) this problem has been fixed in
    version 3.8.3-7.
    We recommend that you upgrade your id3lib3.8.3 packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      655 94eda5191994c0dbe0146a85a9e94737
          Size/MD5 checksum:   134382 b45300bc3341dbedf90f4c593462794f
          Size/MD5 checksum:   950726 19f27ddd2dda4b2d26a559a4f0f402a7
      Alpha architecture:
          Size/MD5 checksum:   200738 a089ad12c4ddd30a4f6fdb340b3c9c26
          Size/MD5 checksum:   358668 6a3178d16f20a2a4228133a0f692d197
      AMD64 architecture:
          Size/MD5 checksum:   190378 90cfc4e6ab66afc0618946eda78ce66d
          Size/MD5 checksum:   295174 79e8d0882c54ffceabff4b4b527317cb
      ARM architecture:
          Size/MD5 checksum:   204106 ae12d537affbc35f82517dbba061b332
          Size/MD5 checksum:   322872 607fdb462573a9d022338c5f011363e0
      HP Precision architecture:
          Size/MD5 checksum:   213312 5279c3416cd3d0c301439a8de2b70ee7
          Size/MD5 checksum:   349392 28751fdfecf730380b111537646cac03
      Intel IA-32 architecture:
          Size/MD5 checksum:   180852 10afd005f77c934946d1bcaf04998d92
          Size/MD5 checksum:   258526 3bb1cb543f6b2ab1a4985dfa536dd3e5
      Intel IA-64 architecture:
          Size/MD5 checksum:   214970 eb496451fad3c40a54f55dd55ff0e4d9
          Size/MD5 checksum:   371532 2a339fa9b2d875dccf416dc648b5d11a
      Motorola 680x0 architecture:
          Size/MD5 checksum:   190796 9d8b6bb6f224470ea1ac92d92015ad95
          Size/MD5 checksum:   263074 a5747d036e6df6f1170e8c2607cb632d
      Big endian MIPS architecture:
          Size/MD5 checksum:   197400 144d3525c130676898f379e6ab26c804
          Size/MD5 checksum:   317716 31cde74a7a1328f63ce17907c539791a
      Little endian MIPS architecture:
          Size/MD5 checksum:   186678 2f8a8cdbf9a89b49fb43164b248d9196
          Size/MD5 checksum:   315966 eb8fd5f5e78b9a0537dca9b5eb5d0f27
      PowerPC architecture:
          Size/MD5 checksum:   189040 0eb109d6c6864a912de8396b2fb7be31
          Size/MD5 checksum:   296638 4c113a84cfe17cc506043e26e6b6f094
      IBM S/390 architecture:
          Size/MD5 checksum:   192592 d897e59ae0f1fe48a5e64bdb8c006416
          Size/MD5 checksum:   313664 84727122d6fae1d78f35ecdd3f2beefe
      Sun Sparc architecture:
          Size/MD5 checksum:   184716 52c13bfcb58b41b2ce0456c046194bf4
          Size/MD5 checksum:   279552 edc8e1d5d6f4f7d7beac85e81b29cdd3
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.