[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060713123703.GI4947@piware.de>
Date: Thu Jul 13 13:35:51 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-318-1] libtunepimp vulnerability
===========================================================
Ubuntu Security Notice USN-318-1 July 13, 2006
libtunepimp vulnerability
http://bugs.musicbrainz.org/ticket/1764
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libtunepimp2 0.3.0-2ubuntu5.1
Ubuntu 5.10:
libtunepimp2c2 0.3.0-2ubuntu7.1
Ubuntu 6.06 LTS:
libtunepimp2c2a 0.3.0-9.1ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Kevin Kofler discovered several buffer overflows in the tag parser. By
tricking a user into opening a specially crafted tagged multimedia
file (such as .ogg or .mp3 music) with an application that uses
libtunepimp, this could be exploited to execute arbitrary code with
the user's privileges.
This particularly affects the KDE applications 'Amarok' and 'Juk'.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-2ubuntu5.1.diff.gz
Size/MD5: 6871 816d083ad0010b6ba3f4c2c027ffe4c8
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-2ubuntu5.1.dsc
Size/MD5: 1016 0bb89c217e868b97c8ecece58d70d521
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
Size/MD5: 524889 f1f506914150c4917ec730f847ad4709
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 24124 2bafeba28a4e75afc24b9d84ca89e4a4
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 65002 f6d69554dc0d49e9b43a8a86d3ad1595
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 307302 524eec25e6670177cef5f3923ca13bcb
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 166714 65cc3f239ff8a2e4b71d9681c7a399d4
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 7620 8efc67adb855d09ee6163296d2a5dcc8
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 35906 fabd759fc946dc8da916ac4aea98344c
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu5.1_amd64.deb
Size/MD5: 35906 ad81916e88a3041a29aa1d0b0381f807
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 22554 3796f87627d72b6e9459242d51275418
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 64308 b05b230b572574f70c70ac2c4b78ab47
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 288084 861c09351e62091f262d0672398bfca3
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 168370 1e4ec2f407fa1a2798b8e65f2779318b
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 7604 8b3fd4594225291e6104fc6ae7648308
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 32092 dcce42ec71c9b3b5fba324e7ad8bc064
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu5.1_i386.deb
Size/MD5: 32096 0244dc6403cc8f581d010cc049cc9772
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 25668 d1b3b88f7ea94faa390ac8a818a5b40a
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 65456 de067b822941a684b151eacd1627800a
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 310288 ee373226566ebdd026d85339c6194f68
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 161658 e57125bd48dc6fb43a729f42024d9acf
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 7604 856cad80b516aadfcc6b4dfce84f7c37
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 35024 b2fe0b4fab5f8f26885830d1230c08e9
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu5.1_powerpc.deb
Size/MD5: 35022 6aceed97903c5e9d58089be96034969b
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-2ubuntu7.1.diff.gz
Size/MD5: 57217 e84fada632684c764157925a6f28af58
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-2ubuntu7.1.dsc
Size/MD5: 1042 79047ac001cd966d40c7c7041057ce70
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
Size/MD5: 524889 f1f506914150c4917ec730f847ad4709
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 22900 8fa8c15ad391abaa865bd32aaf357696
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 65060 c3f3a5f8fe97e8b1116e8b4a404f030b
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 423156 b3bcfc2292f7d34a4e83e80dac4a5a45
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 194818 3d8bb66aa14ec742b44c886c4b9e73c0
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 7326 0b52f772ba148170a9aeee326510d662
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 35766 eef8807c1221c87468ce3446292029a5
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu7.1_amd64.deb
Size/MD5: 35760 ff1030fefa9d205303cfe935df177106
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 21832 39979e0f98a247ad115d7df4973a9e33
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 63588 c967addd0a999e243981908ea982ba32
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 377446 c2c567712c0d84b9840d2afbbf591894
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 183424 d43689ace27a3cd6188a58e5f32221ee
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 7722 144d696e193d3084a8a33fa301e2673c
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 31896 9aa6b90c84df7e88bfd749d62c73e32d
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu7.1_i386.deb
Size/MD5: 31888 5fcde4b28b41d8dd6bc08a2ade8ca053
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 25168 f3a910c5c2eac9af7c464b0de6b52d66
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 66636 2ca63be064b364f34d364ec066d64cb7
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 381948 6b5b4645103599a7f0eb4b57ca893610
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 179634 d34c9466b6d956fe7ac940c866920f29
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 7726 02de2d03f2cc418978855ac672e86e55
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 34982 9b5ce65ec98c254a7f42dd420f175072
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu7.1_powerpc.deb
Size/MD5: 34980 1a770caef6f7eef04687a92d0742e7bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 21896 eeb801a35abca46bbf42bee69b360cfd
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 65508 3fe0fee3f317b65a723a7aafe0b5061f
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 353488 a4daad9f4ccf01f4b643c10ac038ecb5
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 170798 e1b4278a1b3db42c8c47c79f9d733508
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 7756 05381e3502cd0e317c1f8b5786dcd3fa
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.3-tunepimp_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 33196 dd7540323f010e4cb6a989b7b9637e08
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-2ubuntu7.1_sparc.deb
Size/MD5: 33186 749e8c2e4a6aa94b62e9f7815b9ee7cf
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-9.1ubuntu3.1.diff.gz
Size/MD5: 167027 5cbf88064d3c601b1e21d655bf6f2a9f
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0-9.1ubuntu3.1.dsc
Size/MD5: 940 7e3e4061956ba7d494b1656545af86f3
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
Size/MD5: 524889 f1f506914150c4917ec730f847ad4709
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-9.1ubuntu3.1_amd64.deb
Size/MD5: 23790 d8c7ef4dd653db7cfb107d80280b17dd
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-9.1ubuntu3.1_amd64.deb
Size/MD5: 66182 d8daee5233892c809dcfad35f68fb099
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-9.1ubuntu3.1_amd64.deb
Size/MD5: 343194 610c0e719156390e292ff6e096be46df
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2a_0.3.0-9.1ubuntu3.1_amd64.deb
Size/MD5: 167296 9d4ac860ec681f3e19b93acd6e51b9c6
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-9.1ubuntu3.1_amd64.deb
Size/MD5: 8302 51c14894544828c1941aec878c6926a1
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-9.1ubuntu3.1_amd64.deb
Size/MD5: 36750 63a8a32a3e984e3d15e765418e53f9d3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-9.1ubuntu3.1_i386.deb
Size/MD5: 22684 43aa7607a31a3a5459ea92401bfdfc91
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-9.1ubuntu3.1_i386.deb
Size/MD5: 64694 a6652cd749d8fdf1e565a61276ae4f37
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-9.1ubuntu3.1_i386.deb
Size/MD5: 323862 0bfff7363b6e4b6228856a965a0cb865
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2a_0.3.0-9.1ubuntu3.1_i386.deb
Size/MD5: 164644 50037044badb6c1a67304f0cb733f77c
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-9.1ubuntu3.1_i386.deb
Size/MD5: 8716 0b4d9fb3aa25383bdc96022d633b3c3f
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-9.1ubuntu3.1_i386.deb
Size/MD5: 32796 9f138782b4ce65cb45f7b8a5dcd30adc
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-9.1ubuntu3.1_powerpc.deb
Size/MD5: 25984 548a14de1f722edf6e50466ce31028a8
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-9.1ubuntu3.1_powerpc.deb
Size/MD5: 67776 ffcadfbb8fa0218ef9d5fa8bb4762a9f
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-9.1ubuntu3.1_powerpc.deb
Size/MD5: 343108 fc51b87e482ec0b97b324fcb984dce6c
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2a_0.3.0-9.1ubuntu3.1_powerpc.deb
Size/MD5: 163486 59cc8425cc6b0f46c963da0c8d06d051
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-9.1ubuntu3.1_powerpc.deb
Size/MD5: 8714 599b6fe1626b8cb09ef13c29c2340db4
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-9.1ubuntu3.1_powerpc.deb
Size/MD5: 35948 f839586e4e6fbd4a559da1a2769ce7e1
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp-bin_0.3.0-9.1ubuntu3.1_sparc.deb
Size/MD5: 22728 a8f14d0d59cdb75d7ec19bf7c0fd40c0
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/libtunepimp-perl_0.3.0-9.1ubuntu3.1_sparc.deb
Size/MD5: 66668 6d21d148627ae79a8e69f08e49864ae8
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-9.1ubuntu3.1_sparc.deb
Size/MD5: 316962 3e246a51f0e8aab396c2237092d60ca4
http://security.ubuntu.com/ubuntu/pool/main/libt/libtunepimp/libtunepimp2c2a_0.3.0-9.1ubuntu3.1_sparc.deb
Size/MD5: 153124 cbf70ade10c1303f8a5267e13c6cc4e1
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python-tunepimp_0.3.0-9.1ubuntu3.1_sparc.deb
Size/MD5: 8756 2525d4058def16a35a8f2d8d2465bbe5
http://security.ubuntu.com/ubuntu/pool/universe/libt/libtunepimp/python2.4-tunepimp_0.3.0-9.1ubuntu3.1_sparc.deb
Size/MD5: 34136 6aff67f8c972b99bb650db85f5b06012
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060713/e6b8d43f/attachment.bin
Powered by blists - more mailing lists