Debian: New id3lib3.8.3 packages fix denial of service

    Date01 Sep 2007
    CategoryDebian
    3408
    Posted ByLinuxSecurity Advisories
    Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1365-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    September 1st, 2007                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : id3lib3.8.3
    Vulnerability  : programming error
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CVE-2007-4460
    Debian Bug     : 438540
    
    Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
    Library, may lead to denial of service through symlink attacks.
    
    For the oldstable distribution (sarge) this problem has been fixed in
    version 3.8.3-4.1sarge1.
    
    Due to a technical limitation in the archive management scripts the fix
    for the stable distribution (etch) can only be released in a few days.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 3.8.3-7.
    
    We recommend that you upgrade your id3lib3.8.3 packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.dsc
          Size/MD5 checksum:      655 94eda5191994c0dbe0146a85a9e94737
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.diff.gz
          Size/MD5 checksum:   134382 b45300bc3341dbedf90f4c593462794f
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3.orig.tar.gz
          Size/MD5 checksum:   950726 19f27ddd2dda4b2d26a559a4f0f402a7
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_alpha.deb
          Size/MD5 checksum:   200738 a089ad12c4ddd30a4f6fdb340b3c9c26
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_alpha.deb
          Size/MD5 checksum:   358668 6a3178d16f20a2a4228133a0f692d197
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_amd64.deb
          Size/MD5 checksum:   190378 90cfc4e6ab66afc0618946eda78ce66d
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_amd64.deb
          Size/MD5 checksum:   295174 79e8d0882c54ffceabff4b4b527317cb
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_arm.deb
          Size/MD5 checksum:   204106 ae12d537affbc35f82517dbba061b332
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_arm.deb
          Size/MD5 checksum:   322872 607fdb462573a9d022338c5f011363e0
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_hppa.deb
          Size/MD5 checksum:   213312 5279c3416cd3d0c301439a8de2b70ee7
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_hppa.deb
          Size/MD5 checksum:   349392 28751fdfecf730380b111537646cac03
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_i386.deb
          Size/MD5 checksum:   180852 10afd005f77c934946d1bcaf04998d92
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_i386.deb
          Size/MD5 checksum:   258526 3bb1cb543f6b2ab1a4985dfa536dd3e5
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_ia64.deb
          Size/MD5 checksum:   214970 eb496451fad3c40a54f55dd55ff0e4d9
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_ia64.deb
          Size/MD5 checksum:   371532 2a339fa9b2d875dccf416dc648b5d11a
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_m68k.deb
          Size/MD5 checksum:   190796 9d8b6bb6f224470ea1ac92d92015ad95
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_m68k.deb
          Size/MD5 checksum:   263074 a5747d036e6df6f1170e8c2607cb632d
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mips.deb
          Size/MD5 checksum:   197400 144d3525c130676898f379e6ab26c804
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mips.deb
          Size/MD5 checksum:   317716 31cde74a7a1328f63ce17907c539791a
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mipsel.deb
          Size/MD5 checksum:   186678 2f8a8cdbf9a89b49fb43164b248d9196
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mipsel.deb
          Size/MD5 checksum:   315966 eb8fd5f5e78b9a0537dca9b5eb5d0f27
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_powerpc.deb
          Size/MD5 checksum:   189040 0eb109d6c6864a912de8396b2fb7be31
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_powerpc.deb
          Size/MD5 checksum:   296638 4c113a84cfe17cc506043e26e6b6f094
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_s390.deb
          Size/MD5 checksum:   192592 d897e59ae0f1fe48a5e64bdb8c006416
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_s390.deb
          Size/MD5 checksum:   313664 84727122d6fae1d78f35ecdd3f2beefe
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_sparc.deb
          Size/MD5 checksum:   184716 52c13bfcb58b41b2ce0456c046194bf4
        http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_sparc.deb
          Size/MD5 checksum:   279552 edc8e1d5d6f4f7d7beac85e81b29cdd3
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.