• info
• discussion
• exploit
• solution
• references

libcdaudio 'cddb.c' Remote Heap Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.


Mandriva Linux Mandrake 2008.1 x86_64

• Mandriva lib64cdaudio1-0.99.12-5.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64cdaudio1-devel-0.99.12-5.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 arm

• Debian libcdaudio-dev_0.99.12p2-2+etch1_arm.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_arm.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_arm.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_arm.deb

Mandriva Linux Mandrake 2008.1

• Mandriva libcdaudio1-0.99.12-5.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcdaudio1-devel-0.99.12-5.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 powerpc

• Debian libcdaudio-dev_0.99.12p2-2+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_powerpc.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_powerpc.deb

Mandriva Linux Mandrake 2008.0 x86_64

• Mandriva lib64cdaudio1-0.99.12-4.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64cdaudio1-devel-0.99.12-4.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2008.0

• Mandriva libcdaudio1-0.99.12-4.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcdaudio1-devel-0.99.12-4.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 amd64

• Debian libcdaudio-dev_0.99.12p2-2+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_amd64.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_amd64.deb

Debian Linux 4.0 ia-32

• Debian libcdaudio-dev_0.99.12p2-2+etch1_i386.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_i386.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_i386.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_i386.deb

Debian Linux 4.0 sparc

• Debian libcdaudio-dev_0.99.12p2-2+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_sparc.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_sparc.deb

Debian Linux 4.0 s/390

• Debian libcdaudio-dev_0.99.12p2-2+etch1_s390.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_s390.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_s390.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_s390.deb

Mandriva Linux Mandrake 2009.0

• Mandriva libcdaudio1-0.99.12-6.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcdaudio1-devel-0.99.12-6.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 alpha

• Debian libcdaudio-dev_0.99.12p2-2+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_alpha.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_alpha.deb

Mandriva Linux Mandrake 2009.0 x86_64

• Mandriva lib64cdaudio1-0.99.12-6.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64cdaudio1-devel-0.99.12-6.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 mipsel

• Debian libcdaudio-dev_0.99.12p2-2+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_mipsel.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_mipsel.deb

Debian Linux 4.0 ia-64

• Debian libcdaudio-dev_0.99.12p2-2+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_ia64.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_ia64.deb

Debian Linux 4.0 mips

• Debian libcdaudio-dev_0.99.12p2-2+etch1_mips.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o-dev_0.99.12p2-2+etch1_mips.deb


• Debian libcdaudio1_0.99.12p2-2+etch1_mips.deb
  http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudi o1_0.99.12p2-2+etch1_mips.deb

MandrakeSoft Corporate Server 3.0 x86_64

• Mandriva libcdaudio1-0.99.9-1.2.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcdaudio1-devel-0.99.9-1.2.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 3.0

• Mandriva libcdaudio1-0.99.9-1.2.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libcdaudio1-devel-0.99.9-1.2.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/