Linux Security
    Linux Security
    Linux Security

    Debian: id3lib3.8.3 fix denial of service DSA-1365-3

    Date 02 Oct 2007
    2884
    Posted By LinuxSecurity Advisories
    Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
    - - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1365-3                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/           Moritz Muehlenhoff, Dann Frazier
    October 2nd, 2007                       https://www.debian.org/security/faq
    - - --------------------------------------------------------------------------
    
    Package        : id3lib3.8.3
    Vulnerability  : programming error
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CVE-2007-4460
    Debian Bug     : 438540
    
    Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
    Library, may lead to denial of service through symlink attacks.
    
    This update to DSA-1365-2 provides missing packages for the mipsel
    architecture for the stable distribution (etch).
    
    For the oldstable distribution (sarge) this problem has been fixed in
    version 3.8.3-4.1sarge1.
    
    For the stable distribution (etch) this problem has been fixed in
    version 3.8.3-6etch1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 3.8.3-7.
    
    We recommend that you upgrade your id3lib3.8.3 packages.
    
    
    Upgrade Instructions
    - - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - - --------------------------------
      Source archives:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.dsc
          Size/MD5 checksum:      655 94eda5191994c0dbe0146a85a9e94737
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.diff.gz
          Size/MD5 checksum:   134382 b45300bc3341dbedf90f4c593462794f
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3.orig.tar.gz
          Size/MD5 checksum:   950726 19f27ddd2dda4b2d26a559a4f0f402a7
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_alpha.deb
          Size/MD5 checksum:   200738 a089ad12c4ddd30a4f6fdb340b3c9c26
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_alpha.deb
          Size/MD5 checksum:   358668 6a3178d16f20a2a4228133a0f692d197
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_amd64.deb
          Size/MD5 checksum:   190378 90cfc4e6ab66afc0618946eda78ce66d
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_amd64.deb
          Size/MD5 checksum:   295174 79e8d0882c54ffceabff4b4b527317cb
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_arm.deb
          Size/MD5 checksum:   204106 ae12d537affbc35f82517dbba061b332
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_arm.deb
          Size/MD5 checksum:   322872 607fdb462573a9d022338c5f011363e0
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_hppa.deb
          Size/MD5 checksum:   213312 5279c3416cd3d0c301439a8de2b70ee7
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_hppa.deb
          Size/MD5 checksum:   349392 28751fdfecf730380b111537646cac03
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_i386.deb
          Size/MD5 checksum:   180852 10afd005f77c934946d1bcaf04998d92
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_i386.deb
          Size/MD5 checksum:   258526 3bb1cb543f6b2ab1a4985dfa536dd3e5
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_ia64.deb
          Size/MD5 checksum:   214970 eb496451fad3c40a54f55dd55ff0e4d9
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_ia64.deb
          Size/MD5 checksum:   371532 2a339fa9b2d875dccf416dc648b5d11a
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_m68k.deb
          Size/MD5 checksum:   190796 9d8b6bb6f224470ea1ac92d92015ad95
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_m68k.deb
          Size/MD5 checksum:   263074 a5747d036e6df6f1170e8c2607cb632d
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mips.deb
          Size/MD5 checksum:   197400 144d3525c130676898f379e6ab26c804
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mips.deb
          Size/MD5 checksum:   317716 31cde74a7a1328f63ce17907c539791a
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mipsel.deb
          Size/MD5 checksum:   186678 2f8a8cdbf9a89b49fb43164b248d9196
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mipsel.deb
          Size/MD5 checksum:   315966 eb8fd5f5e78b9a0537dca9b5eb5d0f27
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_powerpc.deb
          Size/MD5 checksum:   189040 0eb109d6c6864a912de8396b2fb7be31
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_powerpc.deb
          Size/MD5 checksum:   296638 4c113a84cfe17cc506043e26e6b6f094
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_s390.deb
          Size/MD5 checksum:   192592 d897e59ae0f1fe48a5e64bdb8c006416
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_s390.deb
          Size/MD5 checksum:   313664 84727122d6fae1d78f35ecdd3f2beefe
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_sparc.deb
          Size/MD5 checksum:   184716 52c13bfcb58b41b2ce0456c046194bf4
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_sparc.deb
          Size/MD5 checksum:   279552 edc8e1d5d6f4f7d7beac85e81b29cdd3
    
    Debian GNU/Linux 4.0 alias etch
    - - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6etch1.dsc
          Size/MD5 checksum:      652 ada1a9d686cbfe925a34b2173227b47e
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6etch1.diff.gz
          Size/MD5 checksum:   135226 495cb5f4610853f02a740e9b7c1a71c5
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3.orig.tar.gz
          Size/MD5 checksum:   950726 19f27ddd2dda4b2d26a559a4f0f402a7
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_alpha.deb
          Size/MD5 checksum:   341286 c074664c96375662596d490ce9e59e2f
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_alpha.deb
          Size/MD5 checksum:   187286 a6cb95da944dfe5e1a28cbf5136f3b6f
    
      AMD64 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_amd64.deb
          Size/MD5 checksum:   283136 6fe99daa8aab3fd9549ab7d2db11aedc
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_amd64.deb
          Size/MD5 checksum:   176214 e35c8545fe42ae16362144e23772735a
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_arm.deb
          Size/MD5 checksum:   277156 4f1e8102266eb7fe3f42dd613274c02a
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_arm.deb
          Size/MD5 checksum:   179072 fa3c352ad012326b3753fa1b7b189eaf
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_hppa.deb
          Size/MD5 checksum:   305654 f9d69c8cdb5585e5b1dc3a9742b5edce
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_hppa.deb
          Size/MD5 checksum:   196342 fa9087816b58d9ed207e25401906c64a
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_i386.deb
          Size/MD5 checksum:   263064 6b7e0823707843fa76158a0e1ba7f42f
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_i386.deb
          Size/MD5 checksum:   176662 05ca5942a44486b658a44e4bee16154d
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_ia64.deb
          Size/MD5 checksum:   351960 6fd56a95a8aa66fa890a99a3264a7cbd
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_ia64.deb
          Size/MD5 checksum:   202690 e1c25a15ff7a480cafd1ac5d95ea0083
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_mips.deb
          Size/MD5 checksum:   285984 576083197b0d3778f9963ff697f0dd6f
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_mips.deb
          Size/MD5 checksum:   173660 221f900fe4f7bb66fc1cfdae380844c5
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_mipsel.deb
          Size/MD5 checksum:   285784 ac22324cd11eeb23ee2dd17c52b18401
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_mipsel.deb
          Size/MD5 checksum:   172404 ff862958eca1c3257d843a956dd64d2c
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_powerpc.deb
          Size/MD5 checksum:   283208 8d6f0c3417ba62980ff80c5084ba0cad
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_powerpc.deb
          Size/MD5 checksum:   176614 89b9c136ae81ebd9918420d7d6915c28
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_s390.deb
          Size/MD5 checksum:   269674 d8dd6f6d7d76a46063c0723f974198da
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_s390.deb
          Size/MD5 checksum:   177402 028a696232d95ddf67ae6acb7a3aac9c
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-6etch1_sparc.deb
          Size/MD5 checksum:   251852 2356b2546559f20403987530357a68fc
        https://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3c2a_3.8.3-6etch1_sparc.deb
          Size/MD5 checksum:   176600 80690cceeeb56b25d0cd30381ee28ad4
    
    
      These files will probably be moved into the stable and oldstable
      distributions upon their next updates.
    
    - - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.