Linux Security
Linux Security
Linux Security

Debian: New libtunepimp packages fix arbitrary code execution

Date 01 Aug 2006
3661
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1135-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                             Martin Schulze
August 2nd, 2006                        https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libtunepimp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3600
BugTraq ID     : 18961
Debian Bug     : 378091

Kevin Kofler discovered several stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging
library, which allows remote attacers to cause a denial of service or
execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.3.0-3sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.4.2-4.

We recommend that you upgrade your libtunepimp packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc
      Size/MD5 checksum:     1030 9a4920fa648987c785ca7a90389e26d2
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz
      Size/MD5 checksum:     6370 7398c09a7d071ae47a47d8cf439f98f4
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
      Size/MD5 checksum:   524889 f1f506914150c4917ec730f847ad4709

  Alpha architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    24890 2978735432d84c89ae7298388469f45b
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    69628 caebe7ed98abb9434b8271a6a60bbcf3
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:   183756 59e0e4beba76a472ab2871ff560e43db
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:   400968 14a5497f7e5a29c7428051f9ac1197db
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:     7514 ed92833051c36f1834d4c2e8431a995b
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    36986 3f20bf702c8afd5c515caedb3577d7c4
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
      Size/MD5 checksum:    37012 b397a318bf98a9b8a66e92d813ec1417

  AMD64 architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    22574 ab767e6a192e3435808cdc3c0f2eba10
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    64662 2b13c0f10121799469f5918b9457816c
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:   167846 c8a9826ed526df5f0b3db91671e86ff8
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:   309342 989a04b1b26449ccef4534d3b573da3f
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:     7062 3f59546ad6171eb57027961425008dda
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    35350 85910d25472fd6cd765c5ec70eaec73a
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
      Size/MD5 checksum:    35350 ac75587d5816b4b7f4a8c297960c58de

  ARM architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    21328 f0edf637f04bc0569f7d817f7ac4c15f
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    60078 11945b07935b831ebc12850951da1814
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:   252294 1dc8ce3cacbafd0e7724c25534e8c2ac
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:   429780 d4025de16da2eeba4daf3b8c373a1972
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:     7494 4bbe28e891a9bbcc4e45f7b0fcaf3a18
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    30692 deec987c46ef0036daf8da7950250beb
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
      Size/MD5 checksum:    30704 e80752d9804d728e54cc21f213ebbc85

  Intel IA-32 architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    21680 0a120ab21f78a77bb59cb99ca1eb1b8f
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    64192 65733e6e2b007c958edddbaa2297ed8c
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:   172848 aae66182b0509ed6e9b9ef8fc1efe8e9
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:   295464 bfab73e38dd99e38b6ed3ebc7872521c
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:     7384 6b0279cb428e28f0c25936f90c171e7e
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    32342 815c12dc0d0bda96bcc3e9e667acdfb1
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
      Size/MD5 checksum:    32346 ead31d0b6cd458c681bee2d4fc894df0

  Intel IA-64 architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    27032 4b4867843c38aec3e7d7cab211c50180
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    70892 51a6fc495685aa15bca597ba5d49481d
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:   229114 30d7dd79ef08c59c3dccc707ed4c4149
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:   404248 4417640aa53c74f2316f117788382668
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:     7540 86e56a9b5ba5ebac8e1ce08415c81e5c
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    41274 5d65583580941d6267755c95bacd6041
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
      Size/MD5 checksum:    41290 af3f7132986f4f4eea952b6bf48ab86b

  HP Precision architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    23038 70f7ff16fa268b83ec8112ea0943eef7
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    71002 d4b412a8e7367cbddde555e8bc12b5c4
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:   202392 b45edc22062afbc716299c70bbde5e62
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:   372742 113319297131816655e0b4e9884c0512
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:     7388 90e1630a60eebc1316185ad3f17ecfc2
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    37312 9a1702305b151cc90c33fd037d211c40
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
      Size/MD5 checksum:    37322 e664954cc2797cb6b982234f36a947fc

  Motorola 680x0 architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    21260 ad6086a9b25ca8d5fde4dbc23ce9c692
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    65180 ecaf5f32f118c3bea03ee72feb3a706a
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:   173120 94856cac57d86e7a03e3809965f0e788
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:   294810 7f8a76aabf519488b7e6f566a80cbac4
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:     7362 b4328d4446b3ac504452637a6fe6bd08
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    33760 6fad71c1af6746f309fbe8ba2a6eebbe
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
      Size/MD5 checksum:    33790 10d2cbfb58b42889a2c163851e99751b

  Big endian MIPS architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    23990 dcda0902f1c1124f03e9120ebfde0bfd
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    41350 f7f8f4a0b7c25c235c6b9d8dad1d9d9c
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:   161176 b7d6241896195d7f314a439b372b127e
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:   327600 eafb77ad18b8856fe45476197067b8e2
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:     7488 b93b17c16646f9d2c43d3b713f0e414e
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    30832 51f3c2b19ec9e12feca6094bfc1c234c
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
      Size/MD5 checksum:    30830 075f88566e8bd20c7035ccb6bd5c75c1

  Little endian MIPS architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    24010 948df50ac97f84a3e87915cf8e2e1227
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    41174 58740675d89c0d3790ec8911e465e101
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:   159904 17004743326aa4116d39a51f71205d10
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:   327466 227c0388ec56c7d150d0155ae37c4e70
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:     7506 bee85b2381fb78193452dd0b59a6ecae
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    30530 061f243e1eca9e6f26ef812964907a74
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
      Size/MD5 checksum:    30550 d3e03c3944ecc11589d63c9f9cfed9f2

  PowerPC architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    24732 c9c38d154af36ad28637c763f8dcd117
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    65578 99ab71a5594f3f69c3e375da379dc530
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:   163704 8f7a6aa6a353144c23a8eed9d364251e
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:   313058 e4b4d41dcea114933b79a2f0acf1e933
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:     7540 0a87f9037368c2326618c4fca8420823
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    34964 2a29738183724ddf8088457795a57044
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
      Size/MD5 checksum:    34974 195aaf1a53f0419a6333e49e91b0b2cc

  IBM S/390 architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    22526 1193ac69323d7c312cd75793087c91b9
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    47592 e072c4b460e330972eecc8056ffdf62e
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:   164408 bacc4965dccb7825f71a52bf61216168
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:   293254 68deddeeff41080b0e13a8cab173dad0
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:     7492 1d23ac5ea74763a38833f933141dd0fa
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    37268 2cf940107c56c3864fa97013bd21598b
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
      Size/MD5 checksum:    37252 ac915f3997f66e4c6a94ecee7c6cca37

  Sun Sparc architecture:

    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    21478 93b66545509e935ce3a8be05e71a93c5
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    64890 2bfba94ca4422855510dfd2cbdc6ce02
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:   163392 a65569a7c43e112ab422e0624a1e4bcb
    https://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:   299368 c2075aa76dac67ab7c82196ae30a63c4
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:     7518 9d9f6ecf4323f7416adb06ccc22c5533
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    33272 a604ebd85536a7de80d1015114047451
    https://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
      Size/MD5 checksum:    33280 3d50a7091fb5ed0038956a81c0bfd828


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"44","type":"x","order":"1","pct":81.48,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"5","type":"x","order":"2","pct":9.26,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.26,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.