News

=========================================================== Ubuntu Security Notice USN-363-1 October 11, 2006 libmusicbrainz-2.0, libmusicbrainz-2.1 vulnerability CVE-2006-4197 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libmusicbrainz2 2.0.2-10ubuntu1.1 libmusicbrainz4 2.1.1-3ubuntu1.1 Ubuntu 5.10: libmusicbrainz2c2 2.0.2-10ubuntu2.1 libmusicbrainz4c2 2.1.1-3ubuntu3.1 Ubuntu 6.06 LTS: libmusicbrainz4c2a 2.1.2-2ubuntu3.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. When a user made queries to MusicBrainz servers, it was possible for malicious servers, or man-in-the-middle systems posing as servers, to send a crafted reply to the client request and remotely gain access to the user's system with the user's privileges.