[PLSN-0007] new libcdaudio package available [LWN.net]

From:		Peachtree Linux Security Team <security-AT-peachtree.burdell.org>
To:		peachlnx-security-AT-lists.sourceforge.net, bugtraq-AT-securityfocus.com
Subject:		[PLSN-0007] new libcdaudio package available
Date:		Mon, 25 Apr 2005 22:14:11 -0400

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0007
April 22, 2005

Remote DoS and possible code execution in libcdaudio
CAN-2005-0706
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtree Linux release 1 ("Atlanta")

Description:

   CAN-2005-0706:  Buffer overflow in CDDB result handling allows
   attackers to cause a denial of service (crash) and possible execute
   arbitrary code by causing the cddb lookup to return more matches than
   expected.

   (NOTE: This vulnerability was originally found to affect grip.  We do
   not ship grip, but Mandriva found that the vulnerability affected
   libcdaudio and gnome-vfs.)

Packages:

   alpha
      7087c543031ed7c2799b047b4d8b2c24  libcdaudio-0.99.4.alpha.dist

   i386
      ca2ca9a7677148641f5c598be1d330b1  libcdaudio-0.99.4.i686.dist

   ppc
      f22c18b50e37e31437ba3ad44fc09d1e  libcdaudio-0.99.4.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

(Log in to post comments)