Fedora 7 Update: id3lib-3.8.3-17.fc7 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

How strictly do your users obey your security policies?

	To the letter.
	For the most part.
	When it suits them.
	By chance.
	Not at all.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Security Week: December 1st, 2008

Linux Advisory Watch: November 28th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora 7 Update: id3lib-3.8.3-17.fc7

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

This security update fixes a (minor) tempfile creation security issue (CVE-2007-4460) by using mkstemp (bugzilla 253553)

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1774
2007-08-23 22:40:53.379091
--------------------------------------------------------------------------------

Name        : id3lib
Product     : Fedora 7
Version     : 3.8.3
Release     : 17.fc7
Summary     : Library for manipulating ID3v1 and ID3v2 tags
Description :
This package provides a software library for manipulating ID3v1 and
ID3v2 tags. It provides a convenient interface for software developers
to include standards-compliant ID3v1/2 tagging capabilities in their
applications. Features include identification of valid tags, automatic
size conversions, (re)synchronisation of tag frames, seamless tag
(de)compression, and optional padding facilities. Additionally, it can
tell mp3 header info, like bitrate etc.

--------------------------------------------------------------------------------
Update Information:

This security update fixes a (minor) tempfile creation security issue (CVE-2007-4460) by using mkstemp (bugzilla 253553)

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 20 2007 Hans de Goede  3.8.3-17
- Use mkstemp instead of insecure tempfile creation (bz 253553)
* Mon Aug 13 2007 Hans de Goede  3.8.3-16
- Update License tag for new Licensing Guidelines compliance
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #253553
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253553
  [ 2 ] CVE-2007-4460
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4460
--------------------------------------------------------------------------------
Updated packages:

e6b3087e4bbf2dfa8dd88f41b6ea9877992e386f id3lib-3.8.3-17.fc7.ppc64.rpm
5dbd4f22a208836933133c1c0fb241c939394dc0 id3lib-debuginfo-3.8.3-17.fc7.ppc64.rpm
6be196648013797251adfeaae6b52720c25f94d4 id3lib-devel-3.8.3-17.fc7.ppc64.rpm
c4cc4c16f97561fae3a5f70330ab7964c1640969 id3lib-3.8.3-17.fc7.i386.rpm
2b5ae4415358b2c59247b264b3b1d1a99cbd2b9a id3lib-devel-3.8.3-17.fc7.i386.rpm
0f2544b47b544b9e8ca54e19c21ed2b2b3a210d4 id3lib-debuginfo-3.8.3-17.fc7.i386.rpm
037f38b2988545ad440c5174a7313c4fec58f0f1 id3lib-debuginfo-3.8.3-17.fc7.x86_64.rpm
ab54ab72585de3a83ef4b7502e04e57dfe6e4ab7 id3lib-3.8.3-17.fc7.x86_64.rpm
e167543feb1561e259edbcc0e49cf63487ed2eb1 id3lib-devel-3.8.3-17.fc7.x86_64.rpm
f836a7b9b33c183fc6009d611c1efd1dee4a0876 id3lib-3.8.3-17.fc7.ppc.rpm
7e2badfdca50550fdf15d0f467d4c5e4843a7e7b id3lib-debuginfo-3.8.3-17.fc7.ppc.rpm
cdfa2d1d118b41d394278f4330a63f7b47bf46ea id3lib-devel-3.8.3-17.fc7.ppc.rpm
3a9864090c09df3d7aa82eeacb6adaff2ec19592 id3lib-3.8.3-17.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

< Prev		Next >

Partner:

Latest Features

A Secure Nagios Server

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Yesterday's Edition

Linux Role in Botnets Studied

10 Mistakes New Linux Administrators Make

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital