Stay Secure with the Latest Linux Advisories

security advisorymoderatebuffer overflow

Red Hat: RHSA-2005:304-01 Moderate: grip Buffer Overflow

A new grip package is available that fixes a remote buffer overflow. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: grip security update Advisory ID: RHSA-2005:304-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:304.html Issue date: 2005-03-28 Updated on: 2005-03-28 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0706 - ---------------------------------------------------------------------1. Summary: A new grip package is available that fixes a remote buffer overflow. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: Grip is a GTK+ based front-end for CD rippers (such as cdparanoia and cdda2wav) and Ogg Vorbis encoders. Dean Brettle discovered a buffer overflow bug in the way grip handles data returned by CDDB servers. It is possible that if a user connects to a malicious CDDB server, an attacker could execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0706 to this issue. Users of grip should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how toinstall packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 150712 - CAN-2005-0706 Buffer overflow in grip 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: cf1dc608404752a9a5b61a422f3cb508 grip-2.96-1.3.src.rpm i386: 4bf449365661b5cadc1f0a9c6c0bc3a7 grip-2.96-1.3.i386.rpm ia64: 6d2c64d58783feb49c895c27a2e9e993 grip-2.96-1.3.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: cf1dc608404752a9a5b61a422f3cb508 grip-2.96-1.3.src.rpm ia64: 6d2c64d58783feb49c895c27a2e9e993 grip-2.96-1.3.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: cf1dc608404752a9a5b61a422f3cb508 grip-2.96-1.3.src.rpm i386: 4bf449365661b5cadc1f0a9c6c0bc3a7 grip-2.96-1.3.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: cf1dc608404752a9a5b61a422f3cb508 grip-2.96-1.3.src.rpm i386: 4bf449365661b5cadc1f0a9c6c0bc3a7 grip-2.96-1.3.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-CAN-2005-0706 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . Patch for vulnerability addresses a local memory corruption impacting Ubuntu. Discover details in security bulletin USN-2023-1234.. Red Hat Security, Grip Update, Buffer Overflow Fix. . LinuxSecurity.com Team

Mar 28, 2005 Red Hat