Upstream information
Description
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.5 |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2006:025, published Fri, 27 Oct 2006 15:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4, SUSE Linux Enterprise Server for SAP Applications 11 SP4, SUSE Linux Enterprise Software Development Kit 11 SP4 | | Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libmusicbrainz-devel-2.1.5-5.18 |
SUSE Linux Enterprise Desktop 12 SP1 | | Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA libmusicbrainz4-2.1.5-27.86; SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmusicbrainz-devel-2.1.5-27.86 |
SUSE Linux Enterprise Desktop 12 SP2 | | Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA libmusicbrainz4-2.1.5-27.86; SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Desktop 12 SP3 | | Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA libmusicbrainz4-2.1.5-27.86; SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Desktop 12 SP4 | | Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA libmusicbrainz4-2.1.5-27.86; SUSE Linux Enterprise Software Development Kit 12 SP4 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Desktop 12 | | Patchnames: SUSE Linux Enterprise Desktop 12 GA libmusicbrainz4-2.1.5-27.86; SUSE Linux Enterprise Software Development Kit 12 GA libmusicbrainz-devel-2.1.5-27.86 |
SUSE Linux Enterprise High Performance Computing 12 SP5 | | Patchnames: SUSE Linux Enterprise High Performance Computing 12 SP5 GA libmusicbrainz4-2.1.5-27.79 |
SUSE Linux Enterprise Server 11 SP1 | | Patchnames: SUSE Linux Enterprise Server 11 SP1 GA libmusicbrainz4-2.1.5-5.18 |
SUSE Linux Enterprise Server 11 SP2 | | Patchnames: SUSE Linux Enterprise Server 11 SP2 GA libmusicbrainz4-2.1.5-5.18 |
SUSE Linux Enterprise Server 11 SP3 | | Patchnames: SUSE Linux Enterprise Server 11 SP3 GA libmusicbrainz4-2.1.5-5.18 |
SUSE Linux Enterprise Server 11 SP4 | | Patchnames: SUSE Linux Enterprise Server 11 SP4 GA libmusicbrainz4-2.1.5-5.18; SUSE Linux Enterprise Software Development Kit 11 SP4 GA libmusicbrainz-devel-2.1.5-5.18 |
SUSE Linux Enterprise Server 12 SP1 | | Patchnames: SUSE Linux Enterprise Server 12 SP1 GA libmusicbrainz4-2.1.5-27.86; SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmusicbrainz-devel-2.1.5-27.86 |
SUSE Linux Enterprise Server 12 SP2 | | Patchnames: SUSE Linux Enterprise Server 12 SP2 GA libmusicbrainz4-2.1.5-27.79; SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server 12 SP3 | | Patchnames: SUSE Linux Enterprise Server 12 SP3 GA libmusicbrainz4-2.1.5-27.79; SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server 12 SP4 | | Patchnames: SUSE Linux Enterprise Server 12 SP4 GA libmusicbrainz4-2.1.5-27.79; SUSE Linux Enterprise Software Development Kit 12 SP4 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server 12 SP5 | | Patchnames: SUSE Linux Enterprise Server 12 SP5 GA libmusicbrainz4-2.1.5-27.79; SUSE Linux Enterprise Software Development Kit 12 SP5 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server 12 | | Patchnames: SUSE Linux Enterprise Server 12 GA libmusicbrainz4-2.1.5-27.79; SUSE Linux Enterprise Software Development Kit 12 GA libmusicbrainz-devel-2.1.5-27.86 |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | | Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libmusicbrainz4-2.1.5-27.79 |
SUSE Linux Enterprise Server for SAP Applications 12 SP1, SUSE Linux Enterprise Software Development Kit 12 SP1 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmusicbrainz-devel-2.1.5-27.86 |
SUSE Linux Enterprise Server for SAP Applications 12 SP2, SUSE Linux Enterprise Software Development Kit 12 SP2 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server for SAP Applications 12 SP3, SUSE Linux Enterprise Software Development Kit 12 SP3 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server for SAP Applications 12 SP4, SUSE Linux Enterprise Software Development Kit 12 SP4 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server for SAP Applications 12 SP5, SUSE Linux Enterprise Software Development Kit 12 SP5 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP5 GA libmusicbrainz-devel-2.1.5-27.79 |
SUSE Linux Enterprise Server for SAP Applications 12, SUSE Linux Enterprise Software Development Kit 12 | | Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA libmusicbrainz-devel-2.1.5-27.86 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 05:09:24 2013
CVE page last modified: Sat Jun 15 20:34:56 2024