Stay Secure with the Latest Linux Advisories

security advisorybuffer overflowsoftware update

Fedora Extras 2006-003 Critical: DUMB Library Buffer Overflow Threat

Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files. This could result in a heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes. . ---------------------------------------------------------------------Fedora Update Notification FEDORA-EXTRAS-2006-003 ---------------------------------------------------------------------Product: Fedora Extras [5 devel] Name: dumb Version: 0.9.3 Release: 4 Summary: IT, XM, S3M and MOD player library Description: IT, XM, S3M and MOD player library. Mainly targeted for use with the allegro game programming library, but it can be used without allegro. Faithful to the original trackers, especially IT. ---------------------------------------------------------------------Update Information: CVE ID: CVE-2006-3668 Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files. This could result in a heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes. Fedora Extras versions 0.9.3-3 and earlier are vulnerable to this upgrade to 0.9.3-4 to fix this vulnerability. ---------------------------------------------------------------------This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' availableat _______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Uncover essential security patches and precautionary measures related to the DUMB library within Fedora Extras, focusing on the prevention of execution vulnerabilities.. DUMB Library Security Update,Fedora Buffer Overflow Fix,Update Fedora Packages,Music Tracker Library Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Jul 31, 2006 •Critical Fedora