fedora-security/extras-errata/errata FEDORA-EXTRAS-2006-003, 1.2, 1.3
Ville Skytta (scop)
fedora-extras-commits at redhat.com
Mon Jul 31 19:09:11 UTC 2006
Author: scop
Update of /cvs/fedora/fedora-security/extras-errata/errata
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13378
Modified Files:
FEDORA-EXTRAS-2006-003
Log Message:
Update from Hans.
Index: FEDORA-EXTRAS-2006-003
===================================================================
RCS file: /cvs/fedora/fedora-security/extras-errata/errata/FEDORA-EXTRAS-2006-003,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- FEDORA-EXTRAS-2006-003 28 Jul 2006 16:11:36 -0000 1.2
+++ FEDORA-EXTRAS-2006-003 31 Jul 2006 19:09:09 -0000 1.3
@@ -2,19 +2,30 @@
Fedora Update Notification
FEDORA-EXTRAS-2006-003
---------------------------------------------------------------------
-Product: Fedora Extras [4 5]
+Product: Fedora Extras [5 devel]
Name: dumb
-Version:
-Release:
-Summary:
+Version: 0.9.3
+Release: 4
+Summary: IT, XM, S3M and MOD player library
Description:
-
+IT, XM, S3M and MOD player library. Mainly targeted for use with the
+allegro game programming library, but it can be used without allegro.
+Faithful to the original trackers, especially IT.
---------------------------------------------------------------------
Update Information:
CVE ID: CVE-2006-3668
-<Fill me in>
+Luigi Auriemma discovered that DUMB, a tracker music library, performs
+insufficient sanitising of values parsed from IT music files. This could
+result in a heap-based buffer overflow in the it_read_envelope function
+in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and
+current CVS as of 20060716, including libdumb, allows user-complicit
+attackers to execute arbitrary code via a ".it" (Impulse Tracker) file
+with an envelope with a large number of nodes.
+
+Fedora Extras versions 0.9.3-3 and earlier are vulnerable to this
+upgrade to 0.9.3-4 to fix this vulnerability.
---------------------------------------------------------------------
This update can be installed with the 'yum' update program. Use 'yum
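Review bot: The added "Update Information" text does not parse as written, and users will read this as the advisory. The sentence starting "This could result in a heap-based buffer overflow in the it_read_envelope function" runs straight into "including libdumb, allows user-complicit attackers to execute arbitrary code", which looks like two descriptions merged together; split it so one sentence states the flaw (an overflow in it_read_envelope triggered by an envelope with a large number of nodes) and a second states the impact and affected versions. The closing sentence "are vulnerable to this upgrade to 0.9.3-4" is missing a noun and a break; something like "are vulnerable to this issue; upgrade to 0.9.3-4 to fix it" would read correctly. Separately, the Product line changes from "[4 5]" to "[5 devel]" with no word on Fedora Extras 4: please say in the advisory whether that release is unaffected or is simply not receiving the fixed package, since a reader on 4 cannot tell from this text.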