Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

=?UTF-8?Q?HEXUS.channel_-_analysis_::_AMD_and_Havok_=E2=80=93_Jon_Peddie_?= =?UTF-8?Q?speaks?=

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

- ------------------------------------------------------------------------

Debian Security Advisory DSA-1597-1 security ( -at -) debian.org

http://www.debian.org/security/ Devin Carraway

June 12, 2008 http://www.debian.org/security/faq

- ------------------------------------------------------------------------

 

Package : mt-daapd

Vulnerability : multiple vulnerabilities

Problem type : remote

Debian-specific: no

CVE Id(s) : CVE-2007-5824 CVE-2007-5825 CVE-2008-1771

Debian Bug : 459961 476241

 

Three vulnerabilities have been discovered in the mt-daapd DAAP audio

server (also known as the Firefly Media Server). The Common

Vulnerabilities and Exposures project identifies the following three

problems:

 

CVE-2007-5824

 

Insufficient validation and bounds checking of the Authorization:

HTTP header enables a heap buffer overflow, potentially enabling

the execution of arbitrary code.

 

CVE-2007-5825

 

Format string vulnerabilities in debug logging within the

authentication of XML-RPC requests could enable the execution of

arbitrary code.

 

CVE-2008-1771

 

An integer overflow weakness in the handling of HTTP POST

variables could allow a heap buffer overflow and potentially

arbitrary code execution.

 

For the stable distribution (etch), these problems have been fixed in

version 0.2.4+r1376-1.1+etch1.

 

For the unstable distribution (sid), these problems have been fixed in

version 0.9~r1696-1.3.

 

We recommend that you upgrade your mt-daapd package.

 

Upgrade instructions

- --------------------

 

wget url

will fetch the file for you

dpkg -i file.deb

will install the referenced file.

 

If you are using the apt-get package manager, use the line for

sources.list as given below:

 

apt-get update

will update the internal database

apt-get upgrade

will install corrected packages

 

You may use an automated update by adding the resources from the

footer to the proper configuration.

 

 

Debian GNU/Linux 4.0 alias etch

- -------------------------------

 

Source archives:

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1.dsc

Size/MD5 checksum: 765 a303c40811df75fd395c28485d038ceb

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1.diff.gz

Size/MD5 checksum: 8929 a565dacb5773182a44b367b6c78a0da8

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376.orig.tar.gz

Size/MD5 checksum: 995301 c427c26e93914290b7cd615835ea333a

 

alpha architecture (DEC Alpha)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_alpha.deb

Size/MD5 checksum: 637280 653700658a98af964ca5fabf5ff4086b

 

amd64 architecture (AMD x86_64 (AMD64))

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_amd64.deb

Size/MD5 checksum: 610844 9297976354240c5a75b2c3636fe0746d

 

arm architecture (ARM)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_arm.deb

Size/MD5 checksum: 593834 58ccb78ac69ba94fff63580d19abec49

 

hppa architecture (HP PA RISC)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_hppa.deb

Size/MD5 checksum: 628712 9424c2f2edb35321b05a59d7ef37b0d8

 

i386 architecture (Intel ia32)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_i386.deb

Size/MD5 checksum: 598872 3ffa9c84c8fac6542b0ee05ff0bb26a0

 

ia64 architecture (Intel ia64)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_ia64.deb

Size/MD5 checksum: 680088 e8135a0ad1e70a95e4d0d6eafe475303

 

mips architecture (MIPS (Big Endian))

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_mips.deb

Size/MD5 checksum: 620220 156fd7841ebbf48977ffbc5dd1df35e6

 

mipsel architecture (MIPS (Little Endian))

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_mipsel.deb

Size/MD5 checksum: 615246 fcc02299e63b17c6d29621769a79efd8

 

powerpc architecture (PowerPC)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_powerpc.deb

Size/MD5 checksum: 620258 959237abd21efeb7b486bb092ad81d5e

 

s390 architecture (IBM S/390)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_s390.deb

Size/MD5 checksum: 623142 a74cec69d272a1ba4fe9d232b992b572

 

sparc architecture (Sun SPARC/UltraSPARC)

 

http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch1_sparc.deb

Size/MD5 checksum: 595390 6eb767c6fb3d4a12448928f31754f0c5

 

 

These files will probably be moved into the stable distribution on

its next update.

 

- ---------------------------------------------------------------------------------

For apt-get: deb http://security.debian.org/ stable/updates main

For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×