USN-363-1: libmusicbrainz vulnerability
Posted on: 10/11/2006 05:55 PM

A new libmusicbrainz vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-363-1 October 11, 2006
libmusicbrainz-2.0, libmusicbrainz-2.1 vulnerability
CVE-2006-4197
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libmusicbrainz2 2.0.2-10ubuntu1.1
libmusicbrainz4 2.1.1-3ubuntu1.1

Ubuntu 5.10:
libmusicbrainz2c2 2.0.2-10ubuntu2.1
libmusicbrainz4c2 2.1.1-3ubuntu3.1

Ubuntu 6.06 LTS:
libmusicbrainz4c2a 2.1.2-2ubuntu3.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz.
When a user made queries to MusicBrainz servers, it was possible for
malicious servers, or man-in-the-middle systems posing as servers, to
send a crafted reply to the client request and remotely gain access to
the user's system with the user's privileges.








Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_363_1_libmusicbrainz_vulnerability.html)