Debian Security Advisory

DSA-1665-1 libcdaudio -- heap overflow

Date reported:
12 Nov 2008
Affected packages:
libcdaudio
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-5030.
More information:

It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM drive when playing audio CDs, could result in the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 0.99.12p2-2+etch1. A package for hppa will be made available later.

For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 0.99.12p2-7.

We recommend that you upgrade your libcdaudio packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio_0.99.12p2-2+etch1.dsc
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio_0.99.12p2-2+etch1.diff.gz
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio_0.99.12p2.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_alpha.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_amd64.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_arm.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_i386.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_ia64.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_mips.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_s390.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_sparc.deb
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.