Debian: New libtunepimp packages fix arbitrary code execution

    Date01 Aug 2006
    CategoryDebian
    3497
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1135-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
    http://www.debian.org/security/                             Martin Schulze
    August 2nd, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : libtunepimp
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-3600
    BugTraq ID     : 18961
    Debian Bug     : 378091
    
    Kevin Kofler discovered several stack-based buffer overflows in the
    LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging
    library, which allows remote attacers to cause a denial of service or
    execute arbitrary code.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.3.0-3sarge2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 0.4.2-4.
    
    We recommend that you upgrade your libtunepimp packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc
          Size/MD5 checksum:     1030 9a4920fa648987c785ca7a90389e26d2
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz
          Size/MD5 checksum:     6370 7398c09a7d071ae47a47d8cf439f98f4
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
          Size/MD5 checksum:   524889 f1f506914150c4917ec730f847ad4709
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:    24890 2978735432d84c89ae7298388469f45b
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:    69628 caebe7ed98abb9434b8271a6a60bbcf3
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:   183756 59e0e4beba76a472ab2871ff560e43db
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:   400968 14a5497f7e5a29c7428051f9ac1197db
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:     7514 ed92833051c36f1834d4c2e8431a995b
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:    36986 3f20bf702c8afd5c515caedb3577d7c4
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
          Size/MD5 checksum:    37012 b397a318bf98a9b8a66e92d813ec1417
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:    22574 ab767e6a192e3435808cdc3c0f2eba10
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:    64662 2b13c0f10121799469f5918b9457816c
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:   167846 c8a9826ed526df5f0b3db91671e86ff8
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:   309342 989a04b1b26449ccef4534d3b573da3f
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:     7062 3f59546ad6171eb57027961425008dda
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:    35350 85910d25472fd6cd765c5ec70eaec73a
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
          Size/MD5 checksum:    35350 ac75587d5816b4b7f4a8c297960c58de
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:    21328 f0edf637f04bc0569f7d817f7ac4c15f
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:    60078 11945b07935b831ebc12850951da1814
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:   252294 1dc8ce3cacbafd0e7724c25534e8c2ac
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:   429780 d4025de16da2eeba4daf3b8c373a1972
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:     7494 4bbe28e891a9bbcc4e45f7b0fcaf3a18
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:    30692 deec987c46ef0036daf8da7950250beb
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
          Size/MD5 checksum:    30704 e80752d9804d728e54cc21f213ebbc85
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:    21680 0a120ab21f78a77bb59cb99ca1eb1b8f
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:    64192 65733e6e2b007c958edddbaa2297ed8c
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:   172848 aae66182b0509ed6e9b9ef8fc1efe8e9
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:   295464 bfab73e38dd99e38b6ed3ebc7872521c
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:     7384 6b0279cb428e28f0c25936f90c171e7e
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:    32342 815c12dc0d0bda96bcc3e9e667acdfb1
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
          Size/MD5 checksum:    32346 ead31d0b6cd458c681bee2d4fc894df0
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:    27032 4b4867843c38aec3e7d7cab211c50180
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:    70892 51a6fc495685aa15bca597ba5d49481d
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:   229114 30d7dd79ef08c59c3dccc707ed4c4149
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:   404248 4417640aa53c74f2316f117788382668
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:     7540 86e56a9b5ba5ebac8e1ce08415c81e5c
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:    41274 5d65583580941d6267755c95bacd6041
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
          Size/MD5 checksum:    41290 af3f7132986f4f4eea952b6bf48ab86b
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:    23038 70f7ff16fa268b83ec8112ea0943eef7
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:    71002 d4b412a8e7367cbddde555e8bc12b5c4
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:   202392 b45edc22062afbc716299c70bbde5e62
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:   372742 113319297131816655e0b4e9884c0512
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:     7388 90e1630a60eebc1316185ad3f17ecfc2
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:    37312 9a1702305b151cc90c33fd037d211c40
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
          Size/MD5 checksum:    37322 e664954cc2797cb6b982234f36a947fc
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:    21260 ad6086a9b25ca8d5fde4dbc23ce9c692
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:    65180 ecaf5f32f118c3bea03ee72feb3a706a
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:   173120 94856cac57d86e7a03e3809965f0e788
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:   294810 7f8a76aabf519488b7e6f566a80cbac4
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:     7362 b4328d4446b3ac504452637a6fe6bd08
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:    33760 6fad71c1af6746f309fbe8ba2a6eebbe
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
          Size/MD5 checksum:    33790 10d2cbfb58b42889a2c163851e99751b
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:    23990 dcda0902f1c1124f03e9120ebfde0bfd
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:    41350 f7f8f4a0b7c25c235c6b9d8dad1d9d9c
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:   161176 b7d6241896195d7f314a439b372b127e
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:   327600 eafb77ad18b8856fe45476197067b8e2
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:     7488 b93b17c16646f9d2c43d3b713f0e414e
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:    30832 51f3c2b19ec9e12feca6094bfc1c234c
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
          Size/MD5 checksum:    30830 075f88566e8bd20c7035ccb6bd5c75c1
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:    24010 948df50ac97f84a3e87915cf8e2e1227
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:    41174 58740675d89c0d3790ec8911e465e101
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:   159904 17004743326aa4116d39a51f71205d10
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:   327466 227c0388ec56c7d150d0155ae37c4e70
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:     7506 bee85b2381fb78193452dd0b59a6ecae
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:    30530 061f243e1eca9e6f26ef812964907a74
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
          Size/MD5 checksum:    30550 d3e03c3944ecc11589d63c9f9cfed9f2
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:    24732 c9c38d154af36ad28637c763f8dcd117
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:    65578 99ab71a5594f3f69c3e375da379dc530
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:   163704 8f7a6aa6a353144c23a8eed9d364251e
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:   313058 e4b4d41dcea114933b79a2f0acf1e933
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:     7540 0a87f9037368c2326618c4fca8420823
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:    34964 2a29738183724ddf8088457795a57044
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
          Size/MD5 checksum:    34974 195aaf1a53f0419a6333e49e91b0b2cc
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:    22526 1193ac69323d7c312cd75793087c91b9
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:    47592 e072c4b460e330972eecc8056ffdf62e
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:   164408 bacc4965dccb7825f71a52bf61216168
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:   293254 68deddeeff41080b0e13a8cab173dad0
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:     7492 1d23ac5ea74763a38833f933141dd0fa
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:    37268 2cf940107c56c3864fa97013bd21598b
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
          Size/MD5 checksum:    37252 ac915f3997f66e4c6a94ecee7c6cca37
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:    21478 93b66545509e935ce3a8be05e71a93c5
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:    64890 2bfba94ca4422855510dfd2cbdc6ce02
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:   163392 a65569a7c43e112ab422e0624a1e4bcb
        http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:   299368 c2075aa76dac67ab7c82196ae30a63c4
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:     7518 9d9f6ecf4323f7416adb06ccc22c5533
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:    33272 a604ebd85536a7de80d1015114047451
        http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
          Size/MD5 checksum:    33280 3d50a7091fb5ed0038956a81c0bfd828
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.