Message-Id: <1237310965.6268.5.camel@mdlinux.technorage.com>
Date: Tue, 17 Mar 2009 13:29:25 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-739-1] Amarok vulnerabilities

===========================================================
Ubuntu Security Notice USN-739-1             March 17, 2009
amarok vulnerabilities
CVE-2009-0135, CVE-2009-0136
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  amarok                          2:1.4.7-0ubuntu3.2

Ubuntu 8.04 LTS:
  amarok                          2:1.4.9.1-0ubuntu3.2

Ubuntu 8.10:
  amarok                          2:1.4.10-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.diff.gz
      Size/MD5:   257112 c9e74edffcb691c16e1128aa887c1bfd
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.dsc
      Size/MD5:     1066 e0d1dd2ce612be33f143bdaac11e3959
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz
      Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_amd64.deb
      Size/MD5:    62660 f88ae4c42572936a5ea969f42535b0b9
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_amd64.deb
      Size/MD5: 10060154 e93c8ffb9db8004cbd1d702cadaaec28
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_amd64.deb
      Size/MD5:      880 3bd14c1eed61be2a4992f3282bc6b0a4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_i386.deb
      Size/MD5:    56632 ebf26ee4dd076e54782cf276a3cc888c
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_i386.deb
      Size/MD5:  9848998 b22ddae4b1ef24a58c42a65a0cb17c49
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_i386.deb
      Size/MD5:      882 037d4a5a94a88f3f09a25c0e7de86baf

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_lpia.deb
      Size/MD5:    56376 d22b49f1bd640bed50d86ce8b630515b
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_lpia.deb
      Size/MD5:  9840226 4bc0d7e4e7e0791d2af94e53f106a9c2
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_lpia.deb
      Size/MD5:      880 7a48684acb8056df94e9ae04dbcb18e8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_powerpc.deb
      Size/MD5:    62376 ba074f1110dc982df3a0d89321407dfc
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_powerpc.deb
      Size/MD5: 10058400 40ebc6949db67a6d169f03400e73f0bb
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_powerpc.deb
      Size/MD5:      884 17d6eb924c7960391e9192e92c7715f3

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_sparc.deb
      Size/MD5:    56966 54091e39c8cf0bc1d15335bfd760730a
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_sparc.deb
      Size/MD5:  9941278 7549394f977da613ced46cb06569c970
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_sparc.deb
      Size/MD5:      882 b07d32a7a9b65eba984692ff89281361

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.diff.gz
      Size/MD5:    35541 ae027294b9ecd0cfef274bd7821e55d8
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.dsc
      Size/MD5:     1236 963e00d25ce78cea1cb687653382ffac
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz
      Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_amd64.deb
      Size/MD5:    61972 e22ebf1259d6efc8df04a63c5f1f239b
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_amd64.deb
      Size/MD5:  9852912 749c0955241f580f604ec3cf737e29ba
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_amd64.deb
      Size/MD5:      892 8935cf386c89808423b31a971b8ba8f5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_i386.deb
      Size/MD5:    55162 a708e7f15c28a78dbde8b0760a3c51e9
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_i386.deb
      Size/MD5:  9613228 7ad352acc25cb075a86a712b9dc9cde7
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_i386.deb
      Size/MD5:      894 327a4fab283176840a5c19c20da82a60

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_lpia.deb
      Size/MD5:    55434 7e3ec4dd258b53d229e2a62f10f24ee0
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_lpia.deb
      Size/MD5:  9634246 00939b00ed248dcb20ba48cb0f7d4e85
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_lpia.deb
      Size/MD5:      892 08de17b51f8dc7e1718a538354793d96

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_powerpc.deb
      Size/MD5:    60480 78a345b9355403c9e15fc40b2060729a
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_powerpc.deb
      Size/MD5:  9814058 c455622225259b65b52190de1ac2f411
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_powerpc.deb
      Size/MD5:      894 21fee2e334c017d67035c1a855a76232

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_sparc.deb
      Size/MD5:    55462 b7b35cb1a49407c5b1744e75be35be96
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_sparc.deb
      Size/MD5:  9703894 cbbc84b5f72149a1e6b77e2a3767b32a
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_sparc.deb
      Size/MD5:      894 ec9b2171cfa95bb7d5f5eb00234a29c7

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.diff.gz
      Size/MD5:   122128 dfa7f91f4b47877f2ae0ad628cd1cb34
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.dsc
      Size/MD5:     1692 85e473b48ec7618853a7ef4ec9f676f3
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10.orig.tar.gz
      Size/MD5: 16207150 3d0670537b74e929909aa9fa5dc98ccf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-common_1.4.10-0ubuntu3.1_all.deb
      Size/MD5:  7189098 14810af1ad0beaceaa6d4ffdef262303
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.10-0ubuntu3.1_all.deb
      Size/MD5:    20876 5e4197198c821aa5ba7b4bf4aa880c48

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5: 11263374 3cd56f5c0137f627c7a1b6cf4da65b8f
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5:    77300 ec981ba68cfd40da2c0d1bcc732bb6ad
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5:  2555918 aa8ca60da603dde4ad17abf9a3f9413c
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_amd64.deb
      Size/MD5:    44786 19864173750f5e0cfecb9cd0e5ecb93c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5: 11214674 209fb4b55cccb46924b49aa311cd7fd2
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5:    73120 ac2195787b0f20e49f0f2c4600af8e0a
    http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5:  2455166 10a4d45271de505b27335b03e63e65e7
    http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_i386.deb
      Size/MD5:    42068 27fda4967f148fae1cc9368c2a864580

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5: 11001132 58d91d53551248da242004538f8cf4e1
    http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5:    72996 700366415eb1979682355bf3321116eb
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5:  2466854 1e8371a2ecd057dd132b734dd90123ae
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_lpia.deb
      Size/MD5:    42324 46e91ba8d21b8a07bb55908baa31ff36

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5: 11630608 f396b5277dae7a48eb99f96d0286f5ef
    http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5:    77218 14a66ad0995715007e05ae0c4391ee36
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5:  2553480 8b214c82fd0facc88be1784c4cf72c0c
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_powerpc.deb
      Size/MD5:    46030 fcdb0545bd8a26124a2bb70604e3ac18

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5: 11005590 628b0d7d4425387d5aaf37a3ea983964
    http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5:    72268 c8b1b20037f189d7237cbdad98756147
    http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5:  2398662 ee7c646f35ddc367817de4e0922a36d7
    http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_sparc.deb
      Size/MD5:    41892 f5579da5c9e5da9a312dd61e13d1d6e2


