=========================================================== Ubuntu Security Notice USN-739-1 March 17, 2009 amarok vulnerabilities CVE-2009-0135, CVE-2009-0136 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.2 Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.2 Ubuntu 8.10: amarok 2:1.4.10-0ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Amarok did not correctly handle certain malformed tags in Audible Audio (.aa) files. If a user were tricked into opening a crafted Audible Audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.diff.gz Size/MD5: 257112 c9e74edffcb691c16e1128aa887c1bfd http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.dsc Size/MD5: 1066 e0d1dd2ce612be33f143bdaac11e3959 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_amd64.deb Size/MD5: 62660 f88ae4c42572936a5ea969f42535b0b9 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_amd64.deb Size/MD5: 10060154 e93c8ffb9db8004cbd1d702cadaaec28 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_amd64.deb Size/MD5: 880 3bd14c1eed61be2a4992f3282bc6b0a4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_i386.deb Size/MD5: 56632 ebf26ee4dd076e54782cf276a3cc888c http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_i386.deb Size/MD5: 9848998 b22ddae4b1ef24a58c42a65a0cb17c49 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_i386.deb Size/MD5: 882 037d4a5a94a88f3f09a25c0e7de86baf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_lpia.deb Size/MD5: 56376 d22b49f1bd640bed50d86ce8b630515b http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_lpia.deb Size/MD5: 9840226 4bc0d7e4e7e0791d2af94e53f106a9c2 http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_lpia.deb Size/MD5: 880 7a48684acb8056df94e9ae04dbcb18e8 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_powerpc.deb Size/MD5: 62376 ba074f1110dc982df3a0d89321407dfc http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_powerpc.deb Size/MD5: 10058400 40ebc6949db67a6d169f03400e73f0bb http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_powerpc.deb Size/MD5: 884 17d6eb924c7960391e9192e92c7715f3 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_sparc.deb Size/MD5: 56966 54091e39c8cf0bc1d15335bfd760730a http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_sparc.deb Size/MD5: 9941278 7549394f977da613ced46cb06569c970 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_sparc.deb Size/MD5: 882 b07d32a7a9b65eba984692ff89281361 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.diff.gz Size/MD5: 35541 ae027294b9ecd0cfef274bd7821e55d8 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.dsc Size/MD5: 1236 963e00d25ce78cea1cb687653382ffac http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_amd64.deb Size/MD5: 61972 e22ebf1259d6efc8df04a63c5f1f239b http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_amd64.deb Size/MD5: 9852912 749c0955241f580f604ec3cf737e29ba http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_amd64.deb Size/MD5: 892 8935cf386c89808423b31a971b8ba8f5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_i386.deb Size/MD5: 55162 a708e7f15c28a78dbde8b0760a3c51e9 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_i386.deb Size/MD5: 9613228 7ad352acc25cb075a86a712b9dc9cde7 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_i386.deb Size/MD5: 894 327a4fab283176840a5c19c20da82a60 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_lpia.deb Size/MD5: 55434 7e3ec4dd258b53d229e2a62f10f24ee0 http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_lpia.deb Size/MD5: 9634246 00939b00ed248dcb20ba48cb0f7d4e85 http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_lpia.deb Size/MD5: 892 08de17b51f8dc7e1718a538354793d96 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_powerpc.deb Size/MD5: 60480 78a345b9355403c9e15fc40b2060729a http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_powerpc.deb Size/MD5: 9814058 c455622225259b65b52190de1ac2f411 http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_powerpc.deb Size/MD5: 894 21fee2e334c017d67035c1a855a76232 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_sparc.deb Size/MD5: 55462 b7b35cb1a49407c5b1744e75be35be96 http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_sparc.deb Size/MD5: 9703894 cbbc84b5f72149a1e6b77e2a3767b32a http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_sparc.deb Size/MD5: 894 ec9b2171cfa95bb7d5f5eb00234a29c7 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.diff.gz Size/MD5: 122128 dfa7f91f4b47877f2ae0ad628cd1cb34 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.dsc Size/MD5: 1692 85e473b48ec7618853a7ef4ec9f676f3 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10.orig.tar.gz Size/MD5: 16207150 3d0670537b74e929909aa9fa5dc98ccf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-common_1.4.10-0ubuntu3.1_all.deb Size/MD5: 7189098 14810af1ad0beaceaa6d4ffdef262303 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.10-0ubuntu3.1_all.deb Size/MD5: 20876 5e4197198c821aa5ba7b4bf4aa880c48 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_amd64.deb Size/MD5: 11263374 3cd56f5c0137f627c7a1b6cf4da65b8f http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_amd64.deb Size/MD5: 77300 ec981ba68cfd40da2c0d1bcc732bb6ad http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_amd64.deb Size/MD5: 2555918 aa8ca60da603dde4ad17abf9a3f9413c http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_amd64.deb Size/MD5: 44786 19864173750f5e0cfecb9cd0e5ecb93c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_i386.deb Size/MD5: 11214674 209fb4b55cccb46924b49aa311cd7fd2 http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_i386.deb Size/MD5: 73120 ac2195787b0f20e49f0f2c4600af8e0a http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_i386.deb Size/MD5: 2455166 10a4d45271de505b27335b03e63e65e7 http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_i386.deb Size/MD5: 42068 27fda4967f148fae1cc9368c2a864580 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_lpia.deb Size/MD5: 11001132 58d91d53551248da242004538f8cf4e1 http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_lpia.deb Size/MD5: 72996 700366415eb1979682355bf3321116eb http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_lpia.deb Size/MD5: 2466854 1e8371a2ecd057dd132b734dd90123ae http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_lpia.deb Size/MD5: 42324 46e91ba8d21b8a07bb55908baa31ff36 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_powerpc.deb Size/MD5: 11630608 f396b5277dae7a48eb99f96d0286f5ef http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_powerpc.deb Size/MD5: 77218 14a66ad0995715007e05ae0c4391ee36 http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_powerpc.deb Size/MD5: 2553480 8b214c82fd0facc88be1784c4cf72c0c http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_powerpc.deb Size/MD5: 46030 fcdb0545bd8a26124a2bb70604e3ac18 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_sparc.deb Size/MD5: 11005590 628b0d7d4425387d5aaf37a3ea983964 http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_sparc.deb Size/MD5: 72268 c8b1b20037f189d7237cbdad98756147 http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_sparc.deb Size/MD5: 2398662 ee7c646f35ddc367817de4e0922a36d7 http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_sparc.deb Size/MD5: 41892 f5579da5c9e5da9a312dd61e13d1d6e2
Attachment:
signature.asc
Description: This is a digitally signed message part