Fedora Extras dumb package security update (CVE-2006-3668)
Summary
FEDORA-EXTRAS-2006-003

Name: dumb
Version: 0.9.3
Release: 4
Summary: IT, XM, S3M and MOD player library
Description: IT, XM, S3M and MOD player library. Mainly targeted for use with the allegro game programming library, but it can be used without allegro. Faithful to the original trackers, especially IT.

CVE ID: CVE-2006-3668

Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files. This could result in a heap-based buffer overflow in the it_read_envelope function. The flaw affects Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, and allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Fedora Extras versions 0.9.3-3 and earlier are vulnerable to this; upgrade to 0.9.3-4 to fix this vulnerability.

update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at
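
The kind of check whose absence the advisory describes, as an added example (this is not DUMB's code or the Fedora patch): an envelope parser that validates the node count read from the file before writing into fixed-size arrays. The 25-node, 82-byte layout follows the Impulse Tracker file format; the struct, macro and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IT_ENV_MAX_NODES 25  /* node slots in an on-disk IT envelope */
#define IT_ENV_DISK_SIZE 82  /* 6 header bytes + 25 * 3 node bytes + 1 pad */

/* Hypothetical in-memory envelope; not DUMB's own structure. */
struct envelope {
    uint8_t  flags, n_nodes, loop_start, loop_end, sus_start, sus_end;
    int8_t   node_y[IT_ENV_MAX_NODES];
    uint16_t node_t[IT_ENV_MAX_NODES];
};

/* Returns 0 on success, -1 if the buffer is short or the node count read
 * from the file would not fit the fixed-size arrays. */
int parse_envelope(const uint8_t *buf, size_t len, struct envelope *env)
{
    if (buf == NULL || env == NULL || len < IT_ENV_DISK_SIZE)
        return -1;
    uint8_t n = buf[1];              /* untrusted: any value 0..255 */
    if (n > IT_ENV_MAX_NODES)        /* reject before any array write */
        return -1;

    memset(env, 0, sizeof *env);
    env->flags = buf[0];
    env->n_nodes = n;
    env->loop_start = buf[2];
    env->loop_end = buf[3];
    env->sus_start = buf[4];
    env->sus_end = buf[5];
    for (unsigned i = 0; i < n; i++) {
        const uint8_t *p = buf + 6 + 3 * i;   /* y value, then 16-bit LE tick */
        env->node_y[i] = (int8_t)p[0];
        env->node_t[i] = (uint16_t)(p[1] | (p[2] << 8));
    }
    return 0;
}

int main(void)
{
    uint8_t buf[IT_ENV_DISK_SIZE] = {0};  /* constructed sample envelope */
    struct envelope env;
    buf[1] = 2;  buf[6] = 64;  buf[9] = 32;  buf[10] = 0x10;
    printf("2 nodes:   %d\n", parse_envelope(buf, sizeof buf, &env));
    buf[1] = 200;                         /* oversized count from a bad file */
    printf("200 nodes: %d\n", parse_envelope(buf, sizeof buf, &env));
    return 0;
}
```
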
Change Log
References