Summary: Security Vulnerability: CVE-2006-3668
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200370

j.w.r.degoede@xxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Severity|normal                      |high
           Priority|normal                      |high
                 CC|                            |fedora-security-list@xxxxxxxxxx

------- Additional Comments From j.w.r.degoede@xxxxxx 2006-07-27 03:47 EST -------

Whoops, hit enter too soon. Ah well.

This is mainly a tracker bug, since I (the reporter) am also the maintainer.
The subject says most: a security vulnerability in dumb has been found and
categorized as CVE-2006-3668.

Description from CVE:

Heap-based buffer overflow in the it_read_envelope function in Dynamic
Universal Music Bibliotheque (DUMB) 0.9.3 and earlier, and current CVS as of
20060716, allows user-complicit attackers to execute arbitrary code via a
".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Description from DSA:

Luigi Auriemma discovered that DUMB, a tracker music library, performs
insufficient sanitising of values parsed from IT music files, which might lead
to a buffer overflow and execution of arbitrary code if manipulated files are
read.

Debian has a fix; I'm currently test-building a new version with this fix.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
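The DSA text above describes the bug class: a node count read from the IT file is used as a loop bound for fixed-size envelope arrays without first being checked against their capacity. The following is an added, constructed C example (not DUMB's it_read_envelope, not the Debian fix) showing the hardened shape of such a reader: the count is validated before the loop, truncated input is reported instead of read past, and an oversized count is rejected. The struct layout, the MAX_NODES capacity of 25, the return codes and the byte layout of the sample input are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not DUMB's code. Fixed capacity of the per-envelope
 * node arrays; the count that decides how many entries get filled comes from
 * the (untrusted) file, so it must be checked against this capacity. */
#define MAX_NODES 25

typedef struct {
    int n_nodes;
    uint8_t node_y[MAX_NODES];   /* node value (assumed layout) */
    uint16_t node_t[MAX_NODES];  /* node tick position (assumed layout) */
} envelope_t;

/* Cursor over an in-memory byte buffer standing in for the .it file stream. */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;
} reader_t;

/* Return codes for the parser (constructed for this example). */
enum { ENV_OK = 0, ENV_TRUNCATED = -1, ENV_TOO_MANY_NODES = -2 };

static int read_u8(reader_t *r, uint8_t *out) {
    if (r->pos >= r->len) return ENV_TRUNCATED;   /* never read past the buffer */
    *out = r->data[r->pos++];
    return ENV_OK;
}

static int read_u16le(reader_t *r, uint16_t *out) {
    uint8_t lo, hi;
    if (read_u8(r, &lo) < 0 || read_u8(r, &hi) < 0) return ENV_TRUNCATED;
    *out = (uint16_t)(lo | (hi << 8));
    return ENV_OK;
}

/* Hardened reader: the node count is validated against the array capacity
 * before it is used as a loop bound. Without the `n > MAX_NODES` check, a file
 * declaring e.g. 200 nodes would drive the loop past node_y/node_t, which is
 * the heap-overflow class the advisory describes. */
int read_envelope(reader_t *r, envelope_t *env) {
    uint8_t n;
    if (read_u8(r, &n) < 0) return ENV_TRUNCATED;
    if (n > MAX_NODES) return ENV_TOO_MANY_NODES;   /* the check that must exist */
    env->n_nodes = n;
    for (int i = 0; i < n; i++) {
        if (read_u8(r, &env->node_y[i]) < 0) return ENV_TRUNCATED;
        if (read_u16le(r, &env->node_t[i]) < 0) return ENV_TRUNCATED;
    }
    return ENV_OK;
}

/* Convenience wrapper: parse one envelope from a byte buffer. */
int parse_envelope_bytes(const uint8_t *bytes, size_t len, envelope_t *env) {
    reader_t r = { bytes, len, 0 };
    return read_envelope(&r, env);
}

int main(void) {
    /* Constructed input: count=3, then three (y, t_lo, t_hi) records. */
    static const uint8_t good[] = { 3, 0, 0, 0, 32, 10, 0, 64, 20, 0 };
    /* Constructed input: header claims 200 nodes with only three bytes behind it. */
    static const uint8_t oversized[] = { 200, 0, 0, 0 };
    /* Constructed input: count=3 but only one record present. */
    static const uint8_t truncated[] = { 3, 0, 0, 0 };
    envelope_t env;

    printf("good:      %d (nodes=%d)\n", parse_envelope_bytes(good, sizeof good, &env), env.n_nodes);
    printf("oversized: %d\n", parse_envelope_bytes(oversized, sizeof oversized, &env));
    printf("truncated: %d\n", parse_envelope_bytes(truncated, sizeof truncated, &env));
    return 0;
}
```

The point to carry over to any parser of this kind: every count or length that selects how much of a fixed buffer is written must be compared with the buffer's real capacity before the loop runs, and the read primitives themselves must refuse to step past the end of the input rather than trusting the declared count.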