[Security Announce] [ MDKSA-2006:126 ] - Updated libtunepimp packages fixes buffer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:126
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libtunepimp
Date : July 18, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

Kevin Kofler discovered multiple stack-based buffer overflows in the
LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote
user-complicit attackers to cause a denial of service (application crash)
and possibly execute code via a long (1) Album release date
(MBE_ReleaseGetDate), (2) data, or (3) error strings.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
fdb516cf3dea20bf1d88fdbfd14c6d5c 2006.0/RPMS/libtunepimp2-0.3.0-3.2.20060mdk.i586.rpm
5e10b7d6d6455c3b7be8a8cc21957f04 2006.0/RPMS/libtunepimp2-devel-0.3.0-3.2.20060mdk.i586.rpm
3eb6321a88393a9614346a7104eba2b5 2006.0/RPMS/libtunepimp2-static-devel-0.3.0-3.2.20060mdk.i586.rpm
5dbdeb4ee582712d8fc368d37b6a0174 2006.0/RPMS/libtunepimp2-utils-0.3.0-3.2.20060mdk.i586.rpm
05b7eb248b94c2782ae877304bdc09d2 2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
bce87a055a585ea8591cfefe5da6c6cb x86_64/2006.0/RPMS/lib64tunepimp2-0.3.0-3.2.20060mdk.x86_64.rpm
20a641a6086e7a752b4f52be49dc743a x86_64/2006.0/RPMS/lib64tunepimp2-devel-0.3.0-3.2.20060mdk.x86_64.rpm
14cb96ff49c1607c6ddc58c097bce42f x86_64/2006.0/RPMS/lib64tunepimp2-static-devel-0.3.0-3.2.20060mdk.x86_64.rpm
b8910c32850f889d310cc66d7c03f99e x86_64/2006.0/RPMS/lib64tunepimp2-utils-0.3.0-3.2.20060mdk.x86_64.rpm
05b7eb248b94c2782ae877304bdc09d2 x86_64/2006.0/SRPMS/libtunepimp-0.3.0-3.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvVOqmqjQ0CJFipgRAmT/AJwN6lZ2N9vVrCTCfeu+P4GCqYrvWACfbQWw
ymaorFMK/yxskvkYtm/e7XI=
=AIkB
-----END PGP SIGNATURE-----