Upstream information

CVE-2006-4197 at MITRE

Description

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header sent by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 7.5
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 199134 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libmusicbrainz4
SUSE Linux Enterprise Desktop 12 SP1
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libmusicbrainz4
SUSE Linux Enterprise Desktop 12 SP2
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libmusicbrainz4
SUSE Linux Enterprise Desktop 12 SP3
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libmusicbrainz4
SUSE Linux Enterprise Server 11 SP1
  • libmusicbrainz4 >= 2.1.5-5.18
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libmusicbrainz4
SUSE Linux Enterprise Server 11 SP2
  • libmusicbrainz4 >= 2.1.5-5.18
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libmusicbrainz4
SUSE Linux Enterprise Server 11 SP3
  • libmusicbrainz4 >= 2.1.5-5.18
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libmusicbrainz4
SUSE Linux Enterprise Server 11 SP4
  • libmusicbrainz4 >= 2.1.5-5.18
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libmusicbrainz4
SUSE Linux Enterprise Server 12
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Server 12 GA libmusicbrainz4
SUSE Linux Enterprise Server 12 SP1
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libmusicbrainz4
SUSE Linux Enterprise Server 12 SP2
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libmusicbrainz4
SUSE Linux Enterprise Server 12 SP3
  • libmusicbrainz4 >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libmusicbrainz4
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libmusicbrainz4 >= 2.1.5-27.79
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libmusicbrainz4
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libmusicbrainz-devel >= 2.1.5-5.18
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libmusicbrainz-devel
SUSE Linux Enterprise Software Development Kit 12
  • libmusicbrainz-devel >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libmusicbrainz-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libmusicbrainz-devel >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libmusicbrainz-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libmusicbrainz-devel >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libmusicbrainz-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libmusicbrainz-devel >= 2.1.5-27.86
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libmusicbrainz-devel
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • libmusicbrainz >= 2.0.2-110.4
core9.x86
sles10.s390x
core9.s390
sles10.x86
ZYPP Patch Nr: 2042
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • libmusicbrainz >= 2.0.2-110.4
  • libmusicbrainz-devel >= 2.0.2-0.1
core9.x86
sles10.s390x
core9.s390
sles10.x86
ZYPP Patch Nr: 2042
SUSE LINUX 10.0
  • libmusicbrainz >= 2.1.1-6.2
  • libmusicbrainz-devel >= 2.1.1-6.2
SUSE LINUX 10.1
  • libmusicbrainz >= 2.1.2-12.5
  • libmusicbrainz-devel >= 2.1.2-12.5
SUSE LINUX 9.2
  • libmusicbrainz >= 2.1.1-3.2
  • libmusicbrainz-devel >= 2.1.1-3.2
SUSE LINUX 9.3
  • libmusicbrainz >= 2.1.1-4.2
  • libmusicbrainz-devel >= 2.1.1-4.2
openSUSE Leap 42.1
  • libmusicbrainz-devel >= 2.1.5-29.1
  • libmusicbrainz4 >= 2.1.5-29.1
Patchnames:
openSUSE Leap 42.1 GA libmusicbrainz-devel
openSUSE Leap 42.2
  • libmusicbrainz-devel >= 2.1.5-30.4
  • libmusicbrainz4 >= 2.1.5-30.4
Patchnames:
openSUSE Leap 42.2 GA libmusicbrainz-devel
openSUSE Leap 42.3
  • libmusicbrainz-devel >= 2.1.5-32.4
  • libmusicbrainz4 >= 2.1.5-32.4
Patchnames:
openSUSE Leap 42.3 GA libmusicbrainz-devel