[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1237310965.6268.5.camel@mdlinux.technorage.com>
Date: Tue, 17 Mar 2009 13:29:25 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-739-1] Amarok vulnerabilities
===========================================================
Ubuntu Security Notice USN-739-1 March 17, 2009
amarok vulnerabilities
CVE-2009-0135, CVE-2009-0136
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
amarok 2:1.4.7-0ubuntu3.2
Ubuntu 8.04 LTS:
amarok 2:1.4.9.1-0ubuntu3.2
Ubuntu 8.10:
amarok 2:1.4.10-0ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.diff.gz
Size/MD5: 257112 c9e74edffcb691c16e1128aa887c1bfd
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.dsc
Size/MD5: 1066 e0d1dd2ce612be33f143bdaac11e3959
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz
Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_amd64.deb
Size/MD5: 62660 f88ae4c42572936a5ea969f42535b0b9
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_amd64.deb
Size/MD5: 10060154 e93c8ffb9db8004cbd1d702cadaaec28
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_amd64.deb
Size/MD5: 880 3bd14c1eed61be2a4992f3282bc6b0a4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_i386.deb
Size/MD5: 56632 ebf26ee4dd076e54782cf276a3cc888c
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_i386.deb
Size/MD5: 9848998 b22ddae4b1ef24a58c42a65a0cb17c49
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_i386.deb
Size/MD5: 882 037d4a5a94a88f3f09a25c0e7de86baf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_lpia.deb
Size/MD5: 56376 d22b49f1bd640bed50d86ce8b630515b
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_lpia.deb
Size/MD5: 9840226 4bc0d7e4e7e0791d2af94e53f106a9c2
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_lpia.deb
Size/MD5: 880 7a48684acb8056df94e9ae04dbcb18e8
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_powerpc.deb
Size/MD5: 62376 ba074f1110dc982df3a0d89321407dfc
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_powerpc.deb
Size/MD5: 10058400 40ebc6949db67a6d169f03400e73f0bb
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_powerpc.deb
Size/MD5: 884 17d6eb924c7960391e9192e92c7715f3
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_sparc.deb
Size/MD5: 56966 54091e39c8cf0bc1d15335bfd760730a
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_sparc.deb
Size/MD5: 9941278 7549394f977da613ced46cb06569c970
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_sparc.deb
Size/MD5: 882 b07d32a7a9b65eba984692ff89281361
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.diff.gz
Size/MD5: 35541 ae027294b9ecd0cfef274bd7821e55d8
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.dsc
Size/MD5: 1236 963e00d25ce78cea1cb687653382ffac
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz
Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_amd64.deb
Size/MD5: 61972 e22ebf1259d6efc8df04a63c5f1f239b
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_amd64.deb
Size/MD5: 9852912 749c0955241f580f604ec3cf737e29ba
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_amd64.deb
Size/MD5: 892 8935cf386c89808423b31a971b8ba8f5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_i386.deb
Size/MD5: 55162 a708e7f15c28a78dbde8b0760a3c51e9
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_i386.deb
Size/MD5: 9613228 7ad352acc25cb075a86a712b9dc9cde7
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_i386.deb
Size/MD5: 894 327a4fab283176840a5c19c20da82a60
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_lpia.deb
Size/MD5: 55434 7e3ec4dd258b53d229e2a62f10f24ee0
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_lpia.deb
Size/MD5: 9634246 00939b00ed248dcb20ba48cb0f7d4e85
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_lpia.deb
Size/MD5: 892 08de17b51f8dc7e1718a538354793d96
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_powerpc.deb
Size/MD5: 60480 78a345b9355403c9e15fc40b2060729a
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_powerpc.deb
Size/MD5: 9814058 c455622225259b65b52190de1ac2f411
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_powerpc.deb
Size/MD5: 894 21fee2e334c017d67035c1a855a76232
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_sparc.deb
Size/MD5: 55462 b7b35cb1a49407c5b1744e75be35be96
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_sparc.deb
Size/MD5: 9703894 cbbc84b5f72149a1e6b77e2a3767b32a
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_sparc.deb
Size/MD5: 894 ec9b2171cfa95bb7d5f5eb00234a29c7
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.diff.gz
Size/MD5: 122128 dfa7f91f4b47877f2ae0ad628cd1cb34
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.dsc
Size/MD5: 1692 85e473b48ec7618853a7ef4ec9f676f3
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10.orig.tar.gz
Size/MD5: 16207150 3d0670537b74e929909aa9fa5dc98ccf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-common_1.4.10-0ubuntu3.1_all.deb
Size/MD5: 7189098 14810af1ad0beaceaa6d4ffdef262303
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.10-0ubuntu3.1_all.deb
Size/MD5: 20876 5e4197198c821aa5ba7b4bf4aa880c48
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 11263374 3cd56f5c0137f627c7a1b6cf4da65b8f
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 77300 ec981ba68cfd40da2c0d1bcc732bb6ad
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 2555918 aa8ca60da603dde4ad17abf9a3f9413c
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 44786 19864173750f5e0cfecb9cd0e5ecb93c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 11214674 209fb4b55cccb46924b49aa311cd7fd2
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 73120 ac2195787b0f20e49f0f2c4600af8e0a
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 2455166 10a4d45271de505b27335b03e63e65e7
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 42068 27fda4967f148fae1cc9368c2a864580
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 11001132 58d91d53551248da242004538f8cf4e1
http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 72996 700366415eb1979682355bf3321116eb
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 2466854 1e8371a2ecd057dd132b734dd90123ae
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 42324 46e91ba8d21b8a07bb55908baa31ff36
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 11630608 f396b5277dae7a48eb99f96d0286f5ef
http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 77218 14a66ad0995715007e05ae0c4391ee36
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 2553480 8b214c82fd0facc88be1784c4cf72c0c
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 46030 fcdb0545bd8a26124a2bb70604e3ac18
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 11005590 628b0d7d4425387d5aaf37a3ea983964
http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 72268 c8b1b20037f189d7237cbdad98756147
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 2398662 ee7c646f35ddc367817de4e0922a36d7
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 41892 f5579da5c9e5da9a312dd61e13d1d6e2
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists