=========================================================== Ubuntu Security Notice USN-657-1 October 21, 2008 amarok vulnerability CVE-2008-3699 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.1 Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.1 After a standard system upgrade you need to restart Amarok to effect the necessary changes. Details follow: Dwayne Litzenberger discovered that Amarok created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2008-3699) Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1.diff.gz Size/MD5: 255918 dca8383f9896834f5d8c54d43f6dc853 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1.dsc Size/MD5: 1058 d32a20821719c0dfacb5ba8ec075d489 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_amd64.deb Size/MD5: 62658 45c0cdd1e68c0df745040e6c92200bc6 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_amd64.deb Size/MD5: 10059924 2ab0454733d26e134366636e83607a71 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_amd64.deb Size/MD5: 876 17a40d219de7ed693b1d230b26987602 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_i386.deb Size/MD5: 56628 a523fa49bde0b44b8ff82a36acd9fafa http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_i386.deb Size/MD5: 9849030 c5a52dff92e6d187d8593d6570fca417 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_i386.deb Size/MD5: 882 9587a0db89486eab4aa116d29a0c3d65 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_lpia.deb Size/MD5: 56372 d11e1a501e5d89be4bee9334fd5bd8cc http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_lpia.deb Size/MD5: 9840212 e378ce3c1f2d7b701e928c238f14513b http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_lpia.deb Size/MD5: 880 bc43c874722611add7610d22b7dfca3f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_powerpc.deb Size/MD5: 62382 a70d875a0d0c181e22013c61ce2d610e http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_powerpc.deb Size/MD5: 10058388 f0960ebb25d725c0fee8c60566e2e87b http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_powerpc.deb Size/MD5: 882 0b34c2be0efc3f69a8df7e4c45af6f91 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_sparc.deb Size/MD5: 56964 975d09ca95317c2a598e432fa42a6203 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_sparc.deb Size/MD5: 9940806 2fa016bd8b2632c0d37c79d2679d960c http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_sparc.deb Size/MD5: 882 195106c1509ffcb19fd2aadc5e6d198d Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1.diff.gz Size/MD5: 34120 2c031e3190574baeb16b582e7fe38976 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1.dsc Size/MD5: 1228 3577bdf77bb6c68421d9d5385027ee00 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_amd64.deb Size/MD5: 61968 ae5a016b12762819e66614720e16e8d1 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_amd64.deb Size/MD5: 9852594 e90e8b066df459977b24a333ac1180a8 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_amd64.deb Size/MD5: 892 8b8a41d47eaad009f3c998e8ffed8588 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_i386.deb Size/MD5: 55158 94c5c5098ac8bc2387657d5f2a356817 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_i386.deb Size/MD5: 9612898 d424575a5b2fe32df2d7bf68f7e3dc92 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_i386.deb Size/MD5: 894 389f3799120c338a915fde145a9fdd0a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_lpia.deb Size/MD5: 55426 12c2f3f742b268bfdce0d0b0924e0b9e http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_lpia.deb Size/MD5: 9633456 4ecea3bb7e762bc2ac626a301a6e6317 http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_lpia.deb Size/MD5: 892 fab140bcaba2326e5c85286d10052ad0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_powerpc.deb Size/MD5: 60482 a55ed07da11d9af83ca402df70c358ce http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_powerpc.deb Size/MD5: 9813852 50d2c59b2d3d76a5be2fa39febdb486c http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_powerpc.deb Size/MD5: 896 90b290b69b1fbfc3ef7d2a3ec1d63f5e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_sparc.deb Size/MD5: 55458 68477ffe9fa8ed27ed604f2f96cfafa2 http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_sparc.deb Size/MD5: 9703360 cc313fc4e1a9ef9fd585241251c29eea http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_sparc.deb Size/MD5: 896 67db1063d70af6b8f5f4f1fa1e5c058e
Attachment:
signature.asc
Description: Digital signature