From security@peachtree.burdell.org Tue Apr 26 16:01:12 2005
From: Peachtree Linux Security Team
To: peachlnx-security@lists.sourceforge.net, bugtraq@securityfocus.com
Date: Mon, 25 Apr 2005 22:14:11 -0400
Subject: [PLSN-0007] new libcdaudio package available

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0007                   April 22, 2005
Remote DoS and possible code execution in libcdaudio
CAN-2005-0706
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

    Peachtree Linux release 1 ("Atlanta")

Description:

    CAN-2005-0706: Buffer overflow in CDDB result handling allows
    attackers to cause a denial of service (crash) and possibly execute
    arbitrary code by causing the CDDB lookup to return more matches than
    expected.

    (NOTE: This vulnerability was originally found to affect grip.  We do
    not ship grip, but Mandriva found that the vulnerability affected
    libcdaudio and gnome-vfs.)

Packages:

    alpha
        7087c543031ed7c2799b047b4d8b2c24  libcdaudio-0.99.4.alpha.dist
    i386
        ca2ca9a7677148641f5c598be1d330b1  libcdaudio-0.99.4.i686.dist
    ppc
        f22c18b50e37e31437ba3ad44fc09d1e  libcdaudio-0.99.4.ppc.dist

Solution:

    Download the appropriate package for your release of Peachtree Linux.
    Upgrade your system to the new package:

        distadd -u packagename

    Where packagename is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/
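
The flaw class described above (a fixed-size match list filled from a server-controlled number of CDDB results) and the bound that prevents it, as an added example that is not part of the original notice and is not libcdaudio's code. The struct and function names, the capacity of 16, and the reply layout (one "category discid title" line per match, ended by a line holding only ".") are assumptions, and the sample reply is constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_MATCHES 16   /* assumed capacity; all names here are hypothetical */

struct cddb_match { char category[64], discid[9], title[64]; };
struct cddb_matches {
    struct cddb_match entry[MAX_MATCHES];
    int count;           /* entries stored */
    int dropped;         /* well-formed lines beyond capacity */
};

/* Parse a multi-match reply body and return the number of entries stored.
 * The sscanf field widths keep each string inside its buffer. */
int parse_matches(const char *body, struct cddb_matches *out)
{
    memset(out, 0, sizeof *out);
    while (*body) {
        size_t len = strcspn(body, "\r\n");
        char line[256];
        struct cddb_match m;
        if (len == 1 && body[0] == '.') break;    /* end-of-list marker */
        if (len > 0 && len < sizeof line) {       /* over-long lines are skipped */
            memcpy(line, body, len);
            line[len] = '\0';
            if (sscanf(line, "%63s %8s %63[^\n]", m.category, m.discid, m.title) == 3) {
                if (out->count < MAX_MATCHES)     /* bound the server cannot override */
                    out->entry[out->count++] = m;
                else
                    out->dropped++;
            }
        }
        body += len + strspn(body + len, "\r\n"); /* step past the line ending */
    }
    return out->count;
}

int main(void)
{
    /* Constructed reply: 20 matches, four more than the list holds. */
    char body[1024] = "", l[64];
    struct cddb_matches m;
    for (int i = 0; i < 20; i++) {
        snprintf(l, sizeof l, "rock %08x Artist / Album %d\r\n", i, i);
        strcat(body, l);
    }
    strcat(body, ".\r\n");
    parse_matches(body, &m);
    printf("stored=%d dropped=%d\n", m.count, m.dropped);
    return 0;
}
```

A non-zero dropped count is worth logging, since it means the server returned more matches than the client was built to hold.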