[3684] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

XMCD v2.1 released (was: Security Problems in XMCD)

daemon@ATHENA.MIT.EDU (Xmcd Admin)
Tue Nov 26 11:50:06 1996

Date: 	Mon, 25 Nov 1996 23:08:30 -0800
Reply-To: Xmcd Admin <xmcd@bazooka.amb.org>
From: Xmcd Admin <xmcd@bazooka.amb.org>
X-To:         "David J. Meltzer" <davem@iss.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.LNX.3.95.961125122334.28145C-100000@phoenix.iss.net> from
              "David J. Meltzer" at Nov 25, 96 12:45:32 pm

This is to announce that XMCD 2.1 patchlevel 0 has been released
which fixes all of the issues previously raised by David Meltzer.
It also contains a number of other minor feature and functionality
enhancements.  The new version may be obtained via the xmcd web page at:

        http://sunsite.unc.edu/~cddb/xmcd/

Users of xmcd with older versions are encouraged to upgrade.

-Ti
--
\\ // XMCD - Motif CD player / CDA - Command line CD player
 \\/  Ti Kan / AMB Research Laboratories
 //\  E-mail: xmcd@amb.org
// \\ URL:    http://sunsite.unc.edu/~cddb/xmcd/

David J. Meltzer <davem@iss.net> wrote:
>    There are security holes in XMCD 2.0pl2 (and presumably all previous
> versions), a popular audio cd player for numerous unix platforms, which
> allow a user defined environment variable to overflow a fixed size buffer
> resulting in a complete compromise of system security on machines with XMCD
> installed suid root.
> [ ... description deleted ]


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3684] in bugtraq

XMCD v2.1 released (was: Security Problems in XMCD)

daemon@ATHENA.MIT.EDU (Xmcd Admin)Tue Nov 26 11:50:06 1996

daemon@ATHENA.MIT.EDU (Xmcd Admin)
Tue Nov 26 11:50:06 1996