=========================================================== 
Ubuntu Security Notice USN-363-1           October 11, 2006
libmusicbrainz-2.0, libmusicbrainz-2.1 vulnerability
CVE-2006-4197
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libmusicbrainz2                          2.0.2-10ubuntu1.1
  libmusicbrainz4                          2.1.1-3ubuntu1.1

Ubuntu 5.10:
  libmusicbrainz2c2                        2.0.2-10ubuntu2.1
  libmusicbrainz4c2                        2.1.1-3ubuntu3.1

Ubuntu 6.06 LTS:
  libmusicbrainz4c2a                       2.1.2-2ubuntu3.1

After a standard system upgrade you need to restart your session to 
effect the necessary changes.

Details follow:

Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. 
When a user made queries to MusicBrainz servers, it was possible for 
malicious servers, or man-in-the-middle systems posing as servers, to 
send a crafted reply to the client request and remotely gain access to 
the user's system with the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

          Size/MD5:   168870 b39d7c7a1912a6e3619da89175ad8056
          Size/MD5:      773 ff16d05dd42cd50e801637eb9de65146
          Size/MD5:   583123 28226090a5bf5bc844634e1d4faf6334
          Size/MD5:     4538 2ddbf3ddd61228d37f4d3f240085ae31
          Size/MD5:      665 0735e7ca6fc54820abdd6811c64f116c
          Size/MD5:   528162 4f753d93a85cf413e00f1394b8cbd269

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   151662 11a3cc0c08f3b603589016fcf74183cd
          Size/MD5:   106520 8551ca098d9d24759805d7e4ef817600
          Size/MD5:   116038 7f005799f60ce18c4174e06266330094
          Size/MD5:    80294 b93244958f39ebd190726ce07071c616
          Size/MD5:     4968 efc242400b66eb329a7c35d00f75b6bd
          Size/MD5:    23832 473051ed63ea5e977f3c96657bd69d7e
          Size/MD5:    23832 e9ea4ed17012d0a55955e6804005c700

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   144048 b3954219a2a25e12081bf701c9c7d262
          Size/MD5:   107440 979e2695515ebff93ca8651f66c0b97d
          Size/MD5:   109176 471c3ab6d33af47f641c70bdde8b7367
          Size/MD5:    81894 4fcf7b5e1cbfb6b22114ba2da84aba8f
          Size/MD5:     4966 3522899dea68ef3f32aab0af0487bf68
          Size/MD5:    22534 82336abec98bfaf2ed8baa7ea354d7cf
          Size/MD5:    22534 f10158279f2840c5d06c17eaee3e63cb

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   158040 51bdd73d1e8fb0b9c228b6d4bdfd010e
          Size/MD5:   109394 2e132b1255942fbe39483d1a2aee94fc
          Size/MD5:   119924 cb7ac6b85efc94c069f67169b456b62a
          Size/MD5:    82274 a3e711a3288ab7dd0ebd03e0da193ca5
          Size/MD5:     4974 6ab5ccd52d78f91a7694bc109f4ffe23
          Size/MD5:    24240 a388e8a87c30c69d3a4342ee5eee0725
          Size/MD5:    24244 a05936e73dff9d55191c3fb24822174a

Updated packages for Ubuntu 5.10:

  Source archives:

          Size/MD5:   168947 301e4cfa379ea66dba7ad75256f20889
          Size/MD5:      775 07607b028e9a30e78dacad8ba622ee2b
          Size/MD5:   583123 28226090a5bf5bc844634e1d4faf6334
          Size/MD5:     4853 2cefa371c36bb82d865e931f8e0d4777
          Size/MD5:      667 e92b8c31891b4c304a6e7eb08e107459
          Size/MD5:   528162 4f753d93a85cf413e00f1394b8cbd269

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   192246 b4dfd9372f0883cc3bae32724ee96057
          Size/MD5:   120796 b78832f039c5b7b78d3b713c5698eef2
          Size/MD5:   152844 f48f3b6462fc0b3255072a02238bc780
          Size/MD5:    93126 5613b343111dc3b258659ff17d15a9ad
          Size/MD5:     5016 8ca87e8500e99dbdee59130eb11541f7
          Size/MD5:    23874 1464ad12a7554aafbad3bce22409b610
          Size/MD5:    23882 e03e5970e6bb965504c3729bdd57674c

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   169122 8acd0cd0cc8f1a6d611a115c8e04ca70
          Size/MD5:   113114 d57228b6da6623ebd35377d23218dbe7
          Size/MD5:   132278 388dacaabf2aa2222ef7c08c9ed9b3af
          Size/MD5:    86676 04f176ea8fa687f19591e8fcbf376d89
          Size/MD5:     5014 6b920aa49b6d6b8d8c771122f1ac2b26
          Size/MD5:    22084 f8415cb058689f4ff24fffaa680688fb
          Size/MD5:    22082 6e516c82a755b72c59510ea34e02e4d9

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   180764 e03c7f8e114935a8fac7a33661c0b372
          Size/MD5:   117868 b0302b5f2558b3c616e591ad06ad57c8
          Size/MD5:   142316 e321a117c60b47c03f5287ada70f118f
          Size/MD5:    89666 98ebc39b9d19ed549d71af64aced626b
          Size/MD5:     5018 18ab8ea4435f05279ce876067e5acb63
          Size/MD5:    24152 0f5f0daef10ce86cf6fa396ea7c13ae6
          Size/MD5:    24152 7145c52167a4a48178b0d5f67d8f5bd4

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   166434 98b9dd0c1202bca21bcdfd3e60b35677
          Size/MD5:   109348 cec623045b25b16d6dd0eea7e13a1855
          Size/MD5:   127836 ac1d658976791c435caa55c4348a204c
          Size/MD5:    82154 5f8a5e03173e84876aa4bf3f82792a23
          Size/MD5:     5018 98a0dd92524409b675b0d83df6ccfc77
          Size/MD5:    22030 4404e3655dd3bcf36faf50876f8d2626
          Size/MD5:    22030 822c4fdc6d61210a6fa5521c79ba72c1

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   124892 882c932b9256f64665b1d3235ef9478a
          Size/MD5:      673 1c48d04024553e1465ba29b473805d94
          Size/MD5:   481243 fb0ee09c74381fe9403277854bbc5cef

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   124778 e56776aa602a8604cf9719b81cc4fd1b
          Size/MD5:    89400 25409403b244c8d42e1d5870f2d4ffe0

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   113336 58e35258895c157e9e4041d364c8cd18
          Size/MD5:    85798 ad6b8f6af72f2b25e6f793e02d125598

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   126426 661e5a16c4584bc6b44acd2600be4f47
          Size/MD5:    89094 82e2cf74de961de6749fcacca8fd5684

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   115240 6d83140bab78a81bc792e0c34f1a5f7a
          Size/MD5:    81790 8e9104c8d33b135fe87fb0770443258b



--gDGSpKKIBgtShtf+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFLR5iH/9LqRcGPm0RAqBcAJ9NxLY2FsvxXlBoL29GVWtrsfIAhwCfaRyy
t/ogzW8WVaY1n0XxCgTZL+0=qMnx
-----END PGP SIGNATURE-------gDGSpKKIBgtShtf+--
--==============!04720042=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============!04720042==--

Ubuntu: libmusicbrainz vulnerability

October 16, 2006
Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-363-1 October 11, 2006

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved