User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-EXTRAS-2006-003 (dumb)

From:  Hans de Goede <>
Subject:  Fedora Extras dump-package security update (CVE-2006-3668)
Date:  Mon, 31 Jul 2006 21:26:12 +0200

--------------------------------------------------------------------- Fedora Update Notification FEDORA-EXTRAS-2006-003 --------------------------------------------------------------------- Product: Fedora Extras [5 devel] Name: dumb Version: 0.9.3 Release: 4 Summary: IT, XM, S3M and MOD player library Description: IT, XM, S3M and MOD player library. Mainly targeted for use with the allegro game programming library, but it can be used without allegro. Faithful to the original trackers, especially IT. --------------------------------------------------------------------- Update Information: CVE ID: CVE-2006-3668 Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files. This could result in a heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes. Fedora Extras versions 0.9.3-3 and earlier are vulnerable to this upgrade to 0.9.3-4 to fix this vulnerability. --------------------------------------------------------------------- This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at _______________________________________________ Fedora-package-announce mailing list

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds