Linux Security
Linux Security
Linux Security

Debian: DSA-1821-1: New amule packages fix insufficient input sanitising

Date 23 Jun 2009
Posted By LinuxSecurity Advisories
Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1821-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                      Steffen Joeris
June 22, 2009               
- ------------------------------------------------------------------------

Package        : amule
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-1440
Debian Bug     : 525078

Sam Hocevar discovered that amule, a client for the eD2k and Kad
networks, does not properly sanitise the filename, when using the
preview function. This could lead to the injection of arbitrary commands
passed to the video player.

For the stable distribution (lenny), this problem has been fixed in
version 2.2.1-1+lenny2.

The oldstable distribution (etch) is not affected by this issue.

For the testing distribution (squeeze) this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.5-1.1.

We recommend that you upgrade your amule packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:  5945095 4af457cf1112cd2c23f133f98d0b1123
    Size/MD5 checksum:    21192 cbae4dfde8c2ee4108354ae5a3b33b7c
    Size/MD5 checksum:     1360 44eaea8c76492a09197b4764f6602c38

Architecture independent packages:
    Size/MD5 checksum:  2253976 3a393eacd88cbe16e4c6714d244b600c

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   464220 8d763c84917f2591e724d9db0c3bf730
    Size/MD5 checksum:  1428344 8924427d6f9f3c7c59b04829b1e689e4
    Size/MD5 checksum:  1350778 af463e0b04b01767c32a4d40cd611065
    Size/MD5 checksum:  2094352 e12c37ac77be795df6b6e57503b2085e

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:  1294100 fd70acd8c4b1c86aa09da145450de94b
    Size/MD5 checksum:   448166 64d61b24c0307c21e6a13cc676bb7361
    Size/MD5 checksum:  1192552 6a3c91f293913531a70dd4647cffa6e7
    Size/MD5 checksum:  1858846 2933a8ad9f7dda33940efff5ee9194b6

arm architecture (ARM)
    Size/MD5 checksum:   449514 1dee31e34becbb25690e98f5bcb7fc81
    Size/MD5 checksum:  1976994 ebff75684dbab7ac1b6b5f0f217acd35
    Size/MD5 checksum:  1266254 a8ca8a7f528ef533baf6a4022f15d625
    Size/MD5 checksum:  1351714 a66eb56243ef7c70957dbaebfafc0ae7

armel architecture (ARM EABI)
    Size/MD5 checksum:   429464 ac82fc01cf3792d837b68df26d2509aa
    Size/MD5 checksum:  1092808 3a8d674aa4f3c1a5bfb2836e4d5e5d3f
    Size/MD5 checksum:  1236006 205dae928f6231ce664ce1bde3c222cc
    Size/MD5 checksum:  1765870 fac2d32b45a4f69d631aedc004103450

hppa architecture (HP PA RISC)
    Size/MD5 checksum:  1442768 9b34faff8e0338be7a872d24ce6f6116
    Size/MD5 checksum:  1351038 56ed6958e047640353ec93342d522deb
    Size/MD5 checksum:  2098164 77a7a340f20e60bd2d9d62126f5da5b4
    Size/MD5 checksum:   465580 e9b5ee45e63b84dbd30cdbcb8663c833

i386 architecture (Intel ia32)
    Size/MD5 checksum:   441412 7d950e97f28fc52a2ad904c97d695647
    Size/MD5 checksum:  1282022 41cb881f954cfee01544cc79cc637de9
    Size/MD5 checksum:  1834186 092acc92d4efd8f8cfcdfc20d91bf1e4
    Size/MD5 checksum:  1160416 59a189fcb605d3cd53c25157ac08775e

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  1543554 e48c437c956f1a7fa663bb4f7c86ae98
    Size/MD5 checksum:  2354916 49d3399f61a5d25fa53d61093d0d6aa4
    Size/MD5 checksum:  1594620 ae20084bfa0522b83263bab081671835
    Size/MD5 checksum:   491456 253e201bce8de74d789c01596a87950d

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:  1244756 95fc39ecfdbe4c8be3b07cc8e26727f3
    Size/MD5 checksum:  1329214 09b790f67e09fc528300d137b199f5ce
    Size/MD5 checksum:  1952694 00cbb0c1cd2710710131f38cf7dd000f
    Size/MD5 checksum:   444304 42da3ebfcdfaaf6c2f3df7edb9355ef1

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  1903990 c593afa800e0d46e565b89a29d9f1d84
    Size/MD5 checksum:  1286918 ab7f0967f74ce64dbbe004c6fbd66ee1
    Size/MD5 checksum:  1231682 c2c6ffe9862979549089cd7a86b848e9
    Size/MD5 checksum:   443016 961d4bf791fa0fcb6f9e508369370745

powerpc architecture (PowerPC)
    Size/MD5 checksum:  1369070 e7ea8113da751779df3f27c22a290167
    Size/MD5 checksum:  1233354 5dee3db5c0be3c25fea36c9e0585aabd
    Size/MD5 checksum:  1952042 8be4209ffbc1d92bda69a4a7c225871c
    Size/MD5 checksum:   459252 4f50ff6ebb0c8f51def95a0231231ac3

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1845666 276351af0fd557f30dddfe163a778a49
    Size/MD5 checksum:   441768 a18c5708f99b5dc49c0f9a73dc06d153
    Size/MD5 checksum:  1301370 873dd9d9b0c965c81c4d38b6d2b2073e
    Size/MD5 checksum:  1143174 c249ffbc639a4b922f2e85a4ae7cf822

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:  1886608 721e115be6a2739137a6829157152ab5
    Size/MD5 checksum:  1161476 d40bd787ba3017e6378add6127792dfd
    Size/MD5 checksum:  1319292 8eca735707f026977e2b949a0e465c4c
    Size/MD5 checksum:   442942 d2083c9c69c3279dc70fa5cdd225210c

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.