Mandriva Advisories

Package name: playmidi
Date: January 19th, 2005
Advisory ID: MDKSA-2005:010
Affected versions: 10.0, 10.1, CS3.0
Synopsis: Updated playmidi packages fix buffer overflow vulnerability

Problem Description

Erik Sjolund discovered a buffer overflow in playmidi that could be
exploited by a local attacker if installed setuid root. Note that by
default Mandrakelinux does not ship playmidi installed setuid root.

Updated Packages

Mandrakelinux 10.0

11b39014c3c354c549f4b510d0e59ad5  10.0/RPMS/playmidi-2.5-3.1.100mdk.i586.rpm
930ad98832bc68b4f2d97cde16fbb589  10.0/RPMS/playmidi-X11-2.5-3.1.100mdk.i586.rpm
ac2bef9ddcba160bf52f9a883c759fdf  10.0/SRPMS/playmidi-2.5-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

629089b1281e17784bd3fc4d69d8424a  amd64/10.0/RPMS/playmidi-2.5-3.1.100mdk.amd64.rpm
d8cf76271cfab47e597090400c32ca4a  amd64/10.0/RPMS/playmidi-X11-2.5-3.1.100mdk.amd64.rpm
ac2bef9ddcba160bf52f9a883c759fdf  amd64/10.0/SRPMS/playmidi-2.5-3.1.100mdk.src.rpm

Mandrakelinux 10.1

1be61eeb85b0c916771fc5a834691835  10.1/RPMS/playmidi-2.5-3.1.101mdk.i586.rpm
e43429abba5378ab18d5d8cb1b61c345  10.1/RPMS/playmidi-X11-2.5-3.1.101mdk.i586.rpm
c1958aeb4fe6a620b43c90581c5cbef8  10.1/SRPMS/playmidi-2.5-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

acbe49ee3b86227a0757cd8ebf7b1d08  x86_64/10.1/RPMS/playmidi-2.5-3.1.101mdk.x86_64.rpm
3f1bd829359d1d5b26d879ca3ed20c8b  x86_64/10.1/RPMS/playmidi-X11-2.5-3.1.101mdk.x86_64.rpm
c1958aeb4fe6a620b43c90581c5cbef8  x86_64/10.1/SRPMS/playmidi-2.5-3.1.101mdk.src.rpm

Corporate Server 3.0

ee62926bf969895976b99bafb79d12a6  corporate/3.0/RPMS/playmidi-2.5-3.1.C30mdk.i586.rpm
983da3f98fd776bdeb484ce6228e8a8d  corporate/3.0/RPMS/playmidi-X11-2.5-3.1.C30mdk.i586.rpm
70a3be81e9afce9341faf9ce61e7e60a  corporate/3.0/SRPMS/playmidi-2.5-3.1.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0020

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
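
For a manual download, the check above can be preceded by comparing the file against the MD5 listed under Updated Packages. The following is an added example, not part of the Mandriva advisory: the function names and `advisory.txt` (a saved copy of the package listing) are assumptions, and it relies on `md5sum` being installed.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
# Manifest format is the "Updated Packages" listing: "<md5>  <path>".

# expected_md5 MANIFEST RPM_FILE
# Print the MD5 listed for RPM_FILE, matched by file name. The same source
# RPM is listed under several architectures, so repeats are accepted only
# when every entry carries the same hash.
expected_md5() {
    awk -v name="$(basename "$2")" '
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            n = split($2, parts, "/")
            if (parts[n] != name) next
            if (seen != "" && seen != $1) conflict = 1
            seen = $1
        }
        END {
            if (seen == "" || conflict) exit 1
            print seen
        }' "$1"
}

# verify_package MANIFEST RPM_FILE
# Returns 0 on match, 1 on mismatch, 2 if the file is not (unambiguously) listed.
verify_package() {
    want=$(expected_md5 "$1" "$2") || return 2
    got=$(md5sum "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# check_update MANIFEST RPM_FILE
# The MD5 comparison catches a damaged or wrong download; the signature
# check by rpm is what ties the package to the vendor's GPG key.
check_update() {
    verify_package "$1" "$2" || { echo "MD5 check failed: $2" >&2; return 1; }
    rpm --checksig "$2"
}

# Usage (advisory.txt is an assumed local copy of the listing):
#   check_update advisory.txt playmidi-2.5-3.1.101mdk.i586.rpm
```

Headings and blank lines in the saved listing are skipped, so the "Updated Packages" section can be pasted into the manifest file unchanged.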