Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New id3lib3.8.3 packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1365-1                                   Moritz Muehlenhoff
September 1st, 2007           
- --------------------------------------------------------------------------

Package        : id3lib3.8.3
Vulnerability  : programming error
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-4460
Debian Bug     : 438540

Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag
Library, may lead to denial of service through symlink attacks.

For the oldstable distribution (sarge) this problem has been fixed in
version 3.8.3-4.1sarge1.

Due to a technical limitation in the archive management scripts the fix
for the stable distribution (etch) can only be released in a few days.

For the unstable distribution (sid) this problem has been fixed in
version 3.8.3-7.

We recommend that you upgrade your id3lib3.8.3 packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      655 94eda5191994c0dbe0146a85a9e94737
      Size/MD5 checksum:   134382 b45300bc3341dbedf90f4c593462794f
      Size/MD5 checksum:   950726 19f27ddd2dda4b2d26a559a4f0f402a7

  Alpha architecture:
      Size/MD5 checksum:   200738 a089ad12c4ddd30a4f6fdb340b3c9c26
      Size/MD5 checksum:   358668 6a3178d16f20a2a4228133a0f692d197

  AMD64 architecture:
      Size/MD5 checksum:   190378 90cfc4e6ab66afc0618946eda78ce66d
      Size/MD5 checksum:   295174 79e8d0882c54ffceabff4b4b527317cb

  ARM architecture:
      Size/MD5 checksum:   204106 ae12d537affbc35f82517dbba061b332
      Size/MD5 checksum:   322872 607fdb462573a9d022338c5f011363e0

  HP Precision architecture:
      Size/MD5 checksum:   213312 5279c3416cd3d0c301439a8de2b70ee7
      Size/MD5 checksum:   349392 28751fdfecf730380b111537646cac03

  Intel IA-32 architecture:
      Size/MD5 checksum:   180852 10afd005f77c934946d1bcaf04998d92
      Size/MD5 checksum:   258526 3bb1cb543f6b2ab1a4985dfa536dd3e5

  Intel IA-64 architecture:
      Size/MD5 checksum:   214970 eb496451fad3c40a54f55dd55ff0e4d9
      Size/MD5 checksum:   371532 2a339fa9b2d875dccf416dc648b5d11a

  Motorola 680x0 architecture:
      Size/MD5 checksum:   190796 9d8b6bb6f224470ea1ac92d92015ad95
      Size/MD5 checksum:   263074 a5747d036e6df6f1170e8c2607cb632d

  Big endian MIPS architecture:
      Size/MD5 checksum:   197400 144d3525c130676898f379e6ab26c804
      Size/MD5 checksum:   317716 31cde74a7a1328f63ce17907c539791a

  Little endian MIPS architecture:
      Size/MD5 checksum:   186678 2f8a8cdbf9a89b49fb43164b248d9196
      Size/MD5 checksum:   315966 eb8fd5f5e78b9a0537dca9b5eb5d0f27

  PowerPC architecture:
      Size/MD5 checksum:   189040 0eb109d6c6864a912de8396b2fb7be31
      Size/MD5 checksum:   296638 4c113a84cfe17cc506043e26e6b6f094

  IBM S/390 architecture:
      Size/MD5 checksum:   192592 d897e59ae0f1fe48a5e64bdb8c006416
      Size/MD5 checksum:   313664 84727122d6fae1d78f35ecdd3f2beefe

  Sun Sparc architecture:
      Size/MD5 checksum:   184716 52c13bfcb58b41b2ce0456c046194bf4
      Size/MD5 checksum:   279552 edc8e1d5d6f4f7d7beac85e81b29cdd3

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.