Linux Security
Linux Security
Linux Security

Debian: DSA-1706-1: New amarok packages fix arbitrary code execution

Date 15 Jan 2009
Posted By LinuxSecurity Advisories
Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code.
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1706-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
January 15, 2009            
- ------------------------------------------------------------------------

Package        : amarok
Vulnerability  : integer overflows
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : not assigned yet

Tobias Klein discovered that integer overflows in the code the Amarok
media player uses to parse Audible files may lead to the execution of
arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 1.4.4-4etch1. Updated packages for sparc and arm will be
provided later.

For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version 1.4.10-2.

We recommend that you upgrade your amarok packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, hppa, i386, ia64, mips, mipsel, powerpc, s390.

Source archives:
    Size/MD5 checksum: 17628566 0adbbd8373da2198b80e509618a2dab9
    Size/MD5 checksum:    42402 c29b0538c033ededacc6d31339d17700
    Size/MD5 checksum:      986 f8e80af55fbd8386e6b13b0b12d798f4

alpha architecture (DEC Alpha)
    Size/MD5 checksum:    70238 16f3f3c09abb731a18a3dc48c473de6b
    Size/MD5 checksum:   129504 287d891eceb758b606dca22be1c00373
    Size/MD5 checksum: 17689706 f50edbcb0ecf4e4b9eb3c7bfcccdab16

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    69932 7fa4c35fe5ec1bf5c3622beaadfd9d55
    Size/MD5 checksum: 17559012 516c270247fbb4470ec5d453edd45240
    Size/MD5 checksum:   126688 f4dc3d7e22c5716df018e1d198756523

hppa architecture (HP PA RISC)
    Size/MD5 checksum:    70028 ee3d6e27e1bb5412a729cda758bb4c79
    Size/MD5 checksum: 17799030 a9ab6605a349108354a1c3642b3e017b
    Size/MD5 checksum:   133110 025ed372785d76ee8489debf6ec06b59

i386 architecture (Intel ia32)
    Size/MD5 checksum:   122606 af13d7d1948840398e2e0865c002f1be
    Size/MD5 checksum:    69978 d9e962dbb56755409c73e1d29d76e8ca
    Size/MD5 checksum: 17426752 7e3dd482184056066d73844fea495000

ia64 architecture (Intel ia64)
    Size/MD5 checksum:    69978 eaeea421c5d986247d68b24fa43645b4
    Size/MD5 checksum:   143310 55bcb806b1ed036e0b1bf1e14cab97d1
    Size/MD5 checksum: 18256184 8ee9cdea2583aa0efdd577a91ccb1037

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    69978 2e39ff39e8a9ef544f4f9e3d00c4708e
    Size/MD5 checksum:   118582 956b27a45db711471b8a1647a7e13893
    Size/MD5 checksum: 17189438 a0cd5cbf3e68a9a481cbd42a13d0c717

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   118316 73af2daa439ee61d07781f42fbb9bdf2
    Size/MD5 checksum:    69976 084e0fabd90d5dcbc3cdaf7727a8e7c9
    Size/MD5 checksum: 17131354 d5a809e1e78f60ffb91ed99e697dbc13

powerpc architecture (PowerPC)
    Size/MD5 checksum: 17423852 1c2428cbb97b045f3880538db423e6f4
    Size/MD5 checksum:   123234 224605d1f56406132ab7acc9314301c0
    Size/MD5 checksum:    69978 6d0d183ed614b4627fb306aeec628b72

s390 architecture (IBM S/390)
    Size/MD5 checksum:    69974 300b343297ec84c5520052014d237df6
    Size/MD5 checksum:   125914 48ca5f8f754297d200c4d87d69d6c345
    Size/MD5 checksum: 17480270 865a5a65b3c5ad28858d7c7538f0bbc7

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.