Date: Tue, 21 Oct 2008 08:34:22 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-657-1] Amarok vulnerability

===========================================================
Ubuntu Security Notice USN-657-1           October 21, 2008
amarok vulnerability
CVE-2008-3699
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  amarok                          2:1.4.7-0ubuntu3.1

Ubuntu 8.04 LTS:
  amarok                          2:1.4.9.1-0ubuntu3.1

After a standard system upgrade you need to restart Amarok to effect
the necessary changes.

Details follow:

Dwayne Litzenberger discovered that Amarok created temporary files in
an insecure way. Local users could exploit a race condition to create
or overwrite files with the privileges of the user invoking the
program. (CVE-2008-3699)
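
The bug class described above, as an added example (not Amarok's code and not the Ubuntu patch; the advisory does not show either): a predictable temporary file name opened without exclusivity, next to two hardened forms. All function names, the scratch directory and the "victim" and "fixed.tmp" files are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: predictable name, follows symlinks, reuses an existing file. */
static int open_tmp_insecure(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}
/* Hardened: fail if anything (file or link) already sits at that name. */
static int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
/* Preferred: mkstemp() picks the name and creates it exclusively, mode 0600. */
static int open_tmp_mkstemp(const char *dir, char *out, size_t len) {
    snprintf(out, len, "%s/app-XXXXXX", dir);
    return mkstemp(out);
}
static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}
/* Constructed scenario inside a private scratch directory: "victim" stands in
 * for a user's file, "fixed.tmp" for a predictable temp name that already
 * exists as a link to it. Returns bit flags: 1 = exclusive open refused the
 * link, 2 = victim still intact afterwards, 4 = mkstemp file has mode 0600,
 * 8 = the non-exclusive open followed the link and emptied the victim. */
int run_demo(void) {
    char dir[] = "/tmp/usn-demo-XXXXXX", victim[64], fixed[64], uniq[64];
    struct stat st;
    int flags = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/fixed.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f || symlink(victim, fixed) != 0) return -1;
    fputs("keep me\n", f);
    fclose(f);
    if ((fd = open_tmp_exclusive(fixed)) < 0) flags |= 1;
    else close(fd);
    if (size_of(victim) == 8) flags |= 2;
    fd = open_tmp_mkstemp(dir, uniq, sizeof uniq);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) flags |= 4;
    if (fd >= 0) { close(fd); unlink(uniq); }
    if ((fd = open_tmp_insecure(fixed)) >= 0) close(fd);
    if (size_of(victim) == 0) flags |= 8;
    unlink(fixed); unlink(victim); rmdir(dir);
    return flags;
}
int main(void) { printf("flags=%d\n", run_demo()); return 0; }
```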

