oem-qa team mailing list archive
Message #00234
[Bug 318555] Re: Amarok - integer overflows and unchecked allocation vulnerabilities
This bug is fixed in amarok (2:1.4.9.1-0ubuntu3.2) - generic hardy.
Hardy for the mini is still in version 2:1.4.9.1-0ubuntu3.1
amarok (2:1.4.9.1-0ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows allow remote attackers to execute
    arbitrary code via an Audible Audio (.aa) file (LP: #318555)
    - debian/patches/security_audible_tags.diff fix integer overflow while
      reading audible aa file tags. Based on upstream patch.
    - http://websvn.kde.org/?view=rev&revision=908415
    - http://www.trapkit.de/advisories/TKADV2009-002.txt
    - CVE-2009-0135
    - CVE-2009-0136
--
Amarok - integer overflows and unchecked allocation vulnerabilities
https://bugs.launchpad.net/bugs/318555
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.
Status in Dell Inspiron Mini with Custom Dell UI: Confirmed
Status in “amarok” source package in Ubuntu: Fix Released
Status in amarok in Ubuntu Dapper: Invalid
Status in amarok in Ubuntu Gutsy: Fix Released
Status in amarok in Ubuntu Hardy: Fix Released
Status in amarok in Ubuntu Intrepid: Fix Released
Status in amarok in Ubuntu Jaunty: Fix Released
Bug description:
Binary package hint: amarok
Amarok contains several integer overflows and unchecked allocation
vulnerabilities while parsing malformed Audible digital audio files.
The vulnerabilities may be exploited by a (remote) attacker to execute
arbitrary code in the context of Amarok.
http://www.trapkit.de/advisories/TKADV2009-002.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0135
http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/067330.html
http://www.debian.org/security/2009/dsa-1706
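The bug class the notification names, "integer overflows and unchecked allocation while parsing tags", reduced to a worked example. This is added illustration, not Amarok's parser, the upstream patch, or the real Audible file layout: the tag record (two big-endian 32-bit lengths followed by name and value bytes), the function names, and the sample bytes are all constructed for the example. It contrasts the length check that wraps in 32-bit arithmetic with a hardened check, and a parser that applies the hardened check and also tests the result of each allocation.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tag layout, constructed for this example (not the real .aa
 * format and not Amarok's code): 4-byte big-endian name length, 4-byte
 * big-endian value length, then the name bytes followed by the value bytes. */
typedef struct {
    char *name;
    char *value;
} tag_t;

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  | (uint32_t)p[3];
}

/* The bug class, reduced to its check: two untrusted lengths are added in
 * 32-bit arithmetic, so 0xFFFFFFF0 + 0x14 wraps to 4 and passes a bounds
 * test against a small buffer. A parser that then trusts name_len for its
 * allocation and copy reads far outside the input. No copy is done here. */
int lengths_fit_naive(uint32_t name_len, uint32_t value_len, size_t remaining) {
    uint32_t total = name_len + value_len;   /* wraps modulo 2^32 */
    return total <= remaining;
}

/* Hardened check: test each length on its own against what is left, and
 * subtract rather than add so no step can wrap. */
int lengths_fit_safe(uint32_t name_len, uint32_t value_len, size_t remaining) {
    if (name_len > remaining) return 0;
    return value_len <= remaining - name_len;   /* name_len <= remaining, no underflow */
}

/* Parse one tag using the hardened check.
 * Returns 0 on success (caller releases with tag_free), -1 on malformed input. */
int parse_tag_safe(const uint8_t *buf, size_t len, tag_t *out) {
    if (len < 8) return -1;
    uint32_t name_len  = read_be32(buf);
    uint32_t value_len = read_be32(buf + 4);
    size_t remaining = len - 8;
    if (!lengths_fit_safe(name_len, value_len, remaining)) return -1;

    /* Both lengths are now bounded by the input, so "+ 1" cannot overflow size_t. */
    char *name  = malloc((size_t)name_len + 1);
    char *value = malloc((size_t)value_len + 1);
    if (name == NULL || value == NULL) {   /* the "unchecked allocation" half of the bug class */
        free(name);
        free(value);
        return -1;
    }
    memcpy(name, buf + 8, name_len);
    name[name_len] = '\0';
    memcpy(value, buf + 8 + name_len, value_len);
    value[value_len] = '\0';
    out->name = name;
    out->value = value;
    return 0;
}

void tag_free(tag_t *t) {
    free(t->name);
    free(t->value);
    t->name = t->value = NULL;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t GOOD_TAG[] = {
    0x00, 0x00, 0x00, 0x05,            /* name_len  = 5 */
    0x00, 0x00, 0x00, 0x06,            /* value_len = 6 */
    't', 'i', 't', 'l', 'e',
    'A', 'm', 'a', 'r', 'o', 'k'
};

static const uint8_t BAD_TAG[] = {
    0xFF, 0xFF, 0xFF, 0xF0,            /* name_len  = 0xFFFFFFF0 */
    0x00, 0x00, 0x00, 0x14,            /* value_len = 0x14; 32-bit sum wraps to 4 */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0       /* only 10 payload bytes actually present */
};

/* Returns 0 when the well-formed sample parses to the expected strings. */
int check_good_tag(void) {
    tag_t t;
    if (parse_tag_safe(GOOD_TAG, sizeof GOOD_TAG, &t) != 0) return -1;
    int ok = strcmp(t.name, "title") == 0 && strcmp(t.value, "Amarok") == 0;
    tag_free(&t);
    return ok ? 0 : -2;
}

/* Returns the parser's verdict on the wrapped-length sample (-1 = rejected). */
int check_bad_tag(void) {
    tag_t t;
    return parse_tag_safe(BAD_TAG, sizeof BAD_TAG, &t);
}

int main(void) {
    printf("naive check accepts wrapped lengths: %d\n", lengths_fit_naive(0xFFFFFFF0u, 0x14u, 10));
    printf("safe check accepts wrapped lengths:  %d\n", lengths_fit_safe(0xFFFFFFF0u, 0x14u, 10));
    printf("good sample: %d, bad sample: %d\n", check_good_tag(), check_bad_tag());
    return 0;
}
```

The pattern to look for when reviewing a patch of this kind is that every untrusted length is compared against the remaining input before it takes part in any arithmetic, and that the comparison is written as a subtraction from the bound rather than a sum of the operands; the second, quieter half of the advisory's title is handled by refusing to continue when malloc returns NULL.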