Debian: DSA-1706-1: New amarok packages fix arbitrary code execution

    Date 15 Jan 2009
    Posted By LinuxSecurity Advisories
    Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code.
    Hash: SHA1
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1706-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
    January 15, 2009            
    - ------------------------------------------------------------------------
    Package        : amarok
    Vulnerability  : integer overflows
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : not assigned yet
    Tobias Klein discovered that integer overflows in the code the Amarok
    media player uses to parse Audible files may lead to the execution of
    arbitrary code.
    For the stable distribution (etch), this problem has been fixed in
    version 1.4.4-4etch1. Updated packages for sparc and arm will be
    provided later.
    For the upcoming stable distribution (lenny) and the unstable
    distribution (sid), this problem has been fixed in version 1.4.10-2.
    We recommend that you upgrade your amarok packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Stable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390.
    Source archives:
        Size/MD5 checksum: 17628566 0adbbd8373da2198b80e509618a2dab9
        Size/MD5 checksum:    42402 c29b0538c033ededacc6d31339d17700
        Size/MD5 checksum:      986 f8e80af55fbd8386e6b13b0b12d798f4
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:    70238 16f3f3c09abb731a18a3dc48c473de6b
        Size/MD5 checksum:   129504 287d891eceb758b606dca22be1c00373
        Size/MD5 checksum: 17689706 f50edbcb0ecf4e4b9eb3c7bfcccdab16
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:    69932 7fa4c35fe5ec1bf5c3622beaadfd9d55
        Size/MD5 checksum: 17559012 516c270247fbb4470ec5d453edd45240
        Size/MD5 checksum:   126688 f4dc3d7e22c5716df018e1d198756523
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:    70028 ee3d6e27e1bb5412a729cda758bb4c79
        Size/MD5 checksum: 17799030 a9ab6605a349108354a1c3642b3e017b
        Size/MD5 checksum:   133110 025ed372785d76ee8489debf6ec06b59
    i386 architecture (Intel ia32)
        Size/MD5 checksum:   122606 af13d7d1948840398e2e0865c002f1be
        Size/MD5 checksum:    69978 d9e962dbb56755409c73e1d29d76e8ca
        Size/MD5 checksum: 17426752 7e3dd482184056066d73844fea495000
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:    69978 eaeea421c5d986247d68b24fa43645b4
        Size/MD5 checksum:   143310 55bcb806b1ed036e0b1bf1e14cab97d1
        Size/MD5 checksum: 18256184 8ee9cdea2583aa0efdd577a91ccb1037
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:    69978 2e39ff39e8a9ef544f4f9e3d00c4708e
        Size/MD5 checksum:   118582 956b27a45db711471b8a1647a7e13893
        Size/MD5 checksum: 17189438 a0cd5cbf3e68a9a481cbd42a13d0c717
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   118316 73af2daa439ee61d07781f42fbb9bdf2
        Size/MD5 checksum:    69976 084e0fabd90d5dcbc3cdaf7727a8e7c9
        Size/MD5 checksum: 17131354 d5a809e1e78f60ffb91ed99e697dbc13
    powerpc architecture (PowerPC)
        Size/MD5 checksum: 17423852 1c2428cbb97b045f3880538db423e6f4
        Size/MD5 checksum:   123234 224605d1f56406132ab7acc9314301c0
        Size/MD5 checksum:    69978 6d0d183ed614b4627fb306aeec628b72
    s390 architecture (IBM S/390)
        Size/MD5 checksum:    69974 300b343297ec84c5520052014d237df6
        Size/MD5 checksum:   125914 48ca5f8f754297d200c4d87d69d6c345
        Size/MD5 checksum: 17480270 865a5a65b3c5ad28858d7c7538f0bbc7
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"7","type":"x","order":"1","pct":100,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.