Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

MDKSA-2004:100 - Updated mpg123 packages fix vulnerabilities

from [Mandrake Linux Security Team] Network Security [Permanent Link]
Subject: MDKSA-2004:100 - Updated mpg123 packages fix vulnerabilities
Date: 22 Sep 2004 21:15:02 -0000 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mpg123
 Advisory ID:            MDKSA-2004:100
 Date:                   September 22nd, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability in mpg123 was discovered by Davide Del Vecchio where
 certain malicious mpg3/2 files would cause mpg123 to fail header
 checks, which could in turn allow arbitrary code to be executed with
 the privileges of the user running mpg123 (CAN-2004-0805).
 
 As well, an older vulnerability in mpg123, where a response from a
 remote HTTP server could overflow a buffer allocated on the heap, is
 also fixed in these packages.  This vulnerability could also
 potentially permit the execution of arbitray code with the privileges
 of the user running mpg123 (CAN-2003-0865).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 0b5270c11943064f9c0f7374f63cdc4c  10.0/RPMS/mpg123-0.59r-21.1.100mdk.i586.rpm
 8661f67e88ebc2821d4c5e212236465d  10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f6e601b01a3c8b24279b3465e784829a  
amd64/10.0/RPMS/mpg123-0.59r-21.1.100mdk.amd64.rpm
 8661f67e88ebc2821d4c5e212236465d  
amd64/10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

 Corporate Server 2.1:
 714d75b86c7a99c40f522cc45f69d136  
corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.i586.rpm
 cba666174f4117e7776c9baa04f8983a  
corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 f7279fee83461fa06a9bbcc904b0ead2  
x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.x86_64.rpm
 cba666174f4117e7776c9baa04f8983a  
x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

 Mandrakelinux 9.2:
 afe98cf7c89affb136b7048b3f387583  9.2/RPMS/mpg123-0.59r-21.1.92mdk.i586.rpm
 21a4273e29d60f0e79a5092b7713301b  9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 590153b9ca949f851903d6010ced9ae8  
amd64/9.2/RPMS/mpg123-0.59r-21.1.92mdk.amd64.rpm
 21a4273e29d60f0e79a5092b7713301b  
amd64/9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBUetWmqjQ0CJFipgRAlD8AJ9tY/3Soi6fKJqVRG7vRTDPhNBBuwCfYeXN
kX4V4dICCQtnTE2+3w4g03g=
=AKOr
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • MDKSA-2004:100 - Updated mpg123 packages fix vulnerabilities, Mandrake Linux Security Team <=
Previous by Date:  Re: ICMP spoofed source tunneling, Dave Paris
Next by Date:  RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Querin
Previous by Thread:  Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products, Mike Sues
Next by Thread:  [Full-Disclosure] Multiple vulnerabilities in ActivePost Standard 3.1, Luigi Auriemma
Indexes:  [Date] [Thread] [Top] [All Lists]