To: [email protected]
Subject: [ MDVSA-2009:093 ] mpg123
Date: Wed, 22 Apr 2009 10:06:00 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LwXSz-0001Kh-0S@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:093
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mpg123
Date : April 22, 2009
Affected: 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in mpg123:
Integer signedness error in the store_id3_text function in the
ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a
denial of service (out-of-bounds memory access) and possibly execute
arbitrary code via an ID3 tag with a negative encoding value. NOTE:
some of these details are obtained from third party information
(CVE-2009-1301).
The updated packages have been patched to correct this issue.
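The signedness error described above, modelled in C as an added example (this is not mpg123's source; the function names, width table and sample payloads are constructed for illustration). A signed read with an upper-bound-only check lets a negative encoding value through as a table index, while an unsigned read with a full range check rejects it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* ID3v2 text-frame encodings 0..3 (Latin-1, UTF-16 with BOM, UTF-16BE,
 * UTF-8) mapped to their terminator width in bytes. */
static const int enc_width[4] = { 1, 2, 2, 1 };
#define ENC_COUNT ((int)(sizeof enc_width / sizeof enc_width[0]))
#define REJECTED  INT_MIN

/* Constructed sample payloads: one encoding byte followed by text. */
static const unsigned char sample_ok[]  = { 0x03, 'a', 'b', 0x00 };
static const unsigned char sample_bad[] = { 0xFF, 'a', 'b', 0x00 };

/* Flawed pattern: the encoding byte is read through a signed type and only
 * the upper bound is checked. Returns the value that would be used as the
 * table index, or REJECTED. The index is reported, never dereferenced. */
static int flawed_index(const signed char *payload, size_t len)
{
    if (len < 1) return REJECTED;
    int encoding = payload[0];            /* 0x80..0xFF become -128..-1 */
    return (encoding > ENC_COUNT - 1) ? REJECTED : encoding;
}

/* Hardened pattern: read as unsigned, check the whole range, then index.
 * Returns the terminator width, or -1 if the frame is rejected. */
static int checked_width(const unsigned char *payload, size_t len)
{
    if (len < 1) return -1;
    unsigned int encoding = payload[0];
    if (encoding >= (unsigned int)ENC_COUNT) return -1;
    return enc_width[encoding];
}

int main(void)
{
    int idx = flawed_index((const signed char *)sample_bad, sizeof sample_bad);
    printf("flawed check lets index %d through\n", idx);
    printf("hardened: ok=%d bad=%d\n",
           checked_width(sample_ok, sizeof sample_ok),
           checked_width(sample_bad, sizeof sample_bad));
    return 0;
}
```

The example uses `signed char` explicitly because plain `char` is signed on some platforms and unsigned on others, which is why this class of bug can go unnoticed in testing.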
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1301
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
Mandriva Linux 2008.1/X86_64:
Mandriva Linux 2009.0:
Mandriva Linux 2009.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>