Mandriva Advisories

Package name: libcdaudio1
Date: April 20th, 2005
Advisory ID: MDKSA-2005:075
Affected versions: 10.1, CS3.0, 10.2
Synopsis: Updated libcdaudio1 packages fix vulnerability

Problem Description

A buffer overflow bug was found by Joseph VanAndel in the way that grip
handles data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could execute arbitrary code on the
user's machine. This same vulnerability is present in the libcdaudio1
code.

The updated packages have been patched to correct these issues.

Updated Packages

Mandrakelinux 10.1

 6b6b43013c8594c16da0cf2a9ec2f2fd  10.1/RPMS/libcdaudio1-0.99.10-1.1.101mdk.i586.rpm
229ee3bc3f3ebfb85a482380d32a63c7  10.1/RPMS/libcdaudio1-devel-0.99.10-1.1.101mdk.i586.rpm
b4986769b509c34bbf80a465cd628261  10.1/SRPMS/libcdaudio1-0.99.10-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 e7cb79b96945b05b6d65f7dc1f0823aa  x86_64/10.1/RPMS/lib64cdaudio1-0.99.10-1.1.101mdk.x86_64.rpm
434e689a7ced3a5592f1c519e6f3e3ad  x86_64/10.1/RPMS/lib64cdaudio1-devel-0.99.10-1.1.101mdk.x86_64.rpm
b4986769b509c34bbf80a465cd628261  x86_64/10.1/SRPMS/libcdaudio1-0.99.10-1.1.101mdk.src.rpm

Corporate Server 3.0

 49fa757ff390c91bbe7a4e0b7a680896  corporate/3.0/RPMS/libcdaudio1-0.99.9-1.1.C30mdk.i586.rpm
fd66c86e5c78d3f62972ade197ee853f  corporate/3.0/RPMS/libcdaudio1-devel-0.99.9-1.1.C30mdk.i586.rpm
cbfab4f961b261dfed335d754e2d29d3  corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 f0898885e18312e1b7fb7db408543a76  x86_64/corporate/3.0/RPMS/libcdaudio1-0.99.9-1.1.C30mdk.x86_64.rpm
211e09953905bb39582e80f73f26863e  x86_64/corporate/3.0/RPMS/libcdaudio1-devel-0.99.9-1.1.C30mdk.x86_64.rpm
cbfab4f961b261dfed335d754e2d29d3  x86_64/corporate/3.0/SRPMS/libcdaudio1-0.99.9-1.1.C30mdk.src.rpm

Mandriva Linux LE2005

 ee21e09a1917573c3af0cd27dd5a4dbd  10.2/RPMS/libcdaudio1-0.99.10-2.1.102mdk.i586.rpm
f045fee3533042555b6f59a813f345de  10.2/RPMS/libcdaudio1-devel-0.99.10-2.1.102mdk.i586.rpm
b7d2b5021a3d5a86a65f46590107461c  10.2/SRPMS/libcdaudio1-0.99.10-2.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 febb2d2983baf1fd010c366ea6d9eba8  x86_64/10.2/RPMS/lib64cdaudio1-0.99.10-2.1.102mdk.x86_64.rpm
b6fa99c0e8ad0352200b8294215193ef  x86_64/10.2/RPMS/lib64cdaudio1-devel-0.99.10-2.1.102mdk.x86_64.rpm
b7d2b5021a3d5a86a65f46590107461c  x86_64/10.2/SRPMS/libcdaudio1-0.99.10-2.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
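
For manual downloads, the following is an added example (not Mandriva's own tooling) that compares each RPM in a directory against a checksum list in this advisory's "<md5>  <path>" layout and wraps the rpm --checksig step. The function names and the demo files are constructed for illustration; the MD5 comparison only catches a corrupted or swapped download, while the GPG signature check is what authenticates the package.

```shell
# verify_advisory_md5 MANIFEST DIR
# MANIFEST lines use the advisory layout: "<md5>  <tree>/<file>.rpm".
# Returns 0 only if every *.rpm in DIR is listed and its MD5 matches.
verify_advisory_md5() {
    manifest=$1; dir=$2; rc=0; seen=0
    for pkg in "$dir"/*.rpm; do
        [ -f "$pkg" ] || continue
        seen=1
        name=${pkg##*/}
        # Match on the file name only: the list prefixes each one with a tree path.
        want=$(awk -v n="$name" '{ f = $2; sub(/.*\//, "", f)
            if (f == n) { print tolower($1); exit } }' "$manifest")
        have=$(md5sum "$pkg" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; rc=1
        elif [ "$want" = "$have" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no .rpm files in $dir"; return 1; }
    return "$rc"
}

# verify_signatures DIR
# Runs the advisory's own command on each package; needs the vendor's GPG
# public key already imported into the RPM keyring.
verify_signatures() {
    for pkg in "$1"/*.rpm; do
        rpm --checksig "$pkg" || return 1
    done
}

# Constructed demo: two stand-in files (not real RPMs), one altered after the
# checksum list was written. Returns verify_advisory_md5's status.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'good' > "$tmp/demo-1.0.i586.rpm"
    printf 'good' > "$tmp/demo-devel-1.0.i586.rpm"
    for f in "$tmp"/*.rpm; do
        printf ' %s  10.1/RPMS/%s\n' "$(md5sum "$f" | awk '{ print $1 }')" "${f##*/}"
    done > "$tmp/manifest.txt"
    printf 'tampered' > "$tmp/demo-devel-1.0.i586.rpm"
    status=0
    verify_advisory_md5 "$tmp/manifest.txt" "$tmp" || status=$?
    rm -rf "$tmp"
    return "$status"
}
```

Save the advisory's checksum lines for your release to a file, pass it with the download directory to verify_advisory_md5, and run verify_signatures only after that returns 0.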