LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New id3lib3.8.3 packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1365-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
September 1st, 2007                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : id3lib3.8.3
Vulnerability  : programming error
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-4460
Debian Bug     : 438540

Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
Library, may lead to denial of service through symlink attacks.

For the oldstable distribution (sarge) this problem has been fixed in
version 3.8.3-4.1sarge1.

Due to a technical limitation in the archive management scripts the fix
for the stable distribution (etch) can only be released in a few days.

For the unstable distribution (sid) this problem has been fixed in
version 3.8.3-7.

We recommend that you upgrade your id3lib3.8.3 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.dsc
      Size/MD5 checksum:      655 94eda5191994c0dbe0146a85a9e94737
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.diff.gz
      Size/MD5 checksum:   134382 b45300bc3341dbedf90f4c593462794f
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3.orig.tar.gz
      Size/MD5 checksum:   950726 19f27ddd2dda4b2d26a559a4f0f402a7

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_alpha.deb
      Size/MD5 checksum:   200738 a089ad12c4ddd30a4f6fdb340b3c9c26
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_alpha.deb
      Size/MD5 checksum:   358668 6a3178d16f20a2a4228133a0f692d197

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_amd64.deb
      Size/MD5 checksum:   190378 90cfc4e6ab66afc0618946eda78ce66d
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_amd64.deb
      Size/MD5 checksum:   295174 79e8d0882c54ffceabff4b4b527317cb

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_arm.deb
      Size/MD5 checksum:   204106 ae12d537affbc35f82517dbba061b332
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_arm.deb
      Size/MD5 checksum:   322872 607fdb462573a9d022338c5f011363e0

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_hppa.deb
      Size/MD5 checksum:   213312 5279c3416cd3d0c301439a8de2b70ee7
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_hppa.deb
      Size/MD5 checksum:   349392 28751fdfecf730380b111537646cac03

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_i386.deb
      Size/MD5 checksum:   180852 10afd005f77c934946d1bcaf04998d92
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_i386.deb
      Size/MD5 checksum:   258526 3bb1cb543f6b2ab1a4985dfa536dd3e5

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_ia64.deb
      Size/MD5 checksum:   214970 eb496451fad3c40a54f55dd55ff0e4d9
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_ia64.deb
      Size/MD5 checksum:   371532 2a339fa9b2d875dccf416dc648b5d11a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_m68k.deb
      Size/MD5 checksum:   190796 9d8b6bb6f224470ea1ac92d92015ad95
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_m68k.deb
      Size/MD5 checksum:   263074 a5747d036e6df6f1170e8c2607cb632d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mips.deb
      Size/MD5 checksum:   197400 144d3525c130676898f379e6ab26c804
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mips.deb
      Size/MD5 checksum:   317716 31cde74a7a1328f63ce17907c539791a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mipsel.deb
      Size/MD5 checksum:   186678 2f8a8cdbf9a89b49fb43164b248d9196
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mipsel.deb
      Size/MD5 checksum:   315966 eb8fd5f5e78b9a0537dca9b5eb5d0f27

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_powerpc.deb
      Size/MD5 checksum:   189040 0eb109d6c6864a912de8396b2fb7be31
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_powerpc.deb
      Size/MD5 checksum:   296638 4c113a84cfe17cc506043e26e6b6f094

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_s390.deb
      Size/MD5 checksum:   192592 d897e59ae0f1fe48a5e64bdb8c006416
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_s390.deb
      Size/MD5 checksum:   313664 84727122d6fae1d78f35ecdd3f2beefe

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_sparc.deb
      Size/MD5 checksum:   184716 52c13bfcb58b41b2ce0456c046194bf4
    http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_sparc.deb
      Size/MD5 checksum:   279552 edc8e1d5d6f4f7d7beac85e81b29cdd3

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.