Linux Security

    Ubuntu: libmusicbrainz vulnerability

    Date 16 Oct 2006
    Posted By LinuxSecurity Advisories
    =========================================================== 
    Ubuntu Security Notice USN-363-1           October 11, 2006
    libmusicbrainz-2.0, libmusicbrainz-2.1 vulnerability
    CVE-2006-4197
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 5.04
    Ubuntu 5.10
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 5.04:
      libmusicbrainz2                          2.0.2-10ubuntu1.1
      libmusicbrainz4                          2.1.1-3ubuntu1.1
    
    Ubuntu 5.10:
      libmusicbrainz2c2                        2.0.2-10ubuntu2.1
      libmusicbrainz4c2                        2.1.1-3ubuntu3.1
    
    Ubuntu 6.06 LTS:
      libmusicbrainz4c2a                       2.1.2-2ubuntu3.1
    
    After a standard system upgrade you need to restart your session to 
    effect the necessary changes.
    
    Details follow:
    
    Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. 
    When a user made queries to MusicBrainz servers, it was possible for 
    malicious servers, or man-in-the-middle systems posing as servers, to 
    send a crafted reply to the client request and remotely gain access to 
    the user's system with the user's privileges.
    
    
    Updated packages for Ubuntu 5.04:
    
    
    Updated packages for Ubuntu 5.10:
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
    
    
    