List: full-disclosure
Subject: [Full-disclosure] [ MDVSA-2009:030 ] amarok
From: security () mandriva ! com
Date: 2009-01-27 16:11:00
Message-ID: E1LRqWj-0001g3-0x () titan ! mandriva ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:030
http://www.mandriva.com/security/
_______________________________________________________________________
Package : amarok
Date : January 26, 2009
Affected: 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Data length values in the metadata of an Audible Audio media file (.aa)
can lead to an integer overflow, which remote attackers can use to
trigger a heap overflow and possibly execute arbitrary code
(CVE-2009-0135).
Failure to check heap allocation when processing Audible Audio media
files (.aa) allows remote attackers either to cause a denial of service
or to execute arbitrary code via a crafted media file (CVE-2009-0136).
This update provides the fix for these security issues.
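The two defect classes named above, shown as an added example that is not Amarok's code and not part of the original advisory: a length-prefixed metadata field read with the length bounded before any arithmetic and the allocation result checked. The 4-byte big-endian prefix, the 1 MiB cap and the names `read_field` and `MAX_FIELD_LEN` are assumptions made for illustration, not the real .aa layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELD_LEN (1u << 20) /* assumed policy cap per metadata field */

/* Decode a 32-bit big-endian length (assumed layout, not the real .aa one). */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsafe pattern, for contrast only (not compiled):
 *     char *s = malloc(len + 1);   // len == 0xFFFFFFFF wraps to malloc(0)
 *     memcpy(s, data, len);        // heap overflow; malloc result unchecked
 */

/* Copy the length-prefixed field at buf[off] into a fresh NUL-terminated
 * string. Returns NULL on a bad length or failed allocation; on success
 * *next is the offset just past the field. */
char *read_field(const unsigned char *buf, size_t buflen, size_t off,
                 size_t *next) {
    if (off > buflen || buflen - off < 4) return NULL; /* prefix must fit */
    uint32_t len = be32(buf + off);
    off += 4;
    if (len > MAX_FIELD_LEN) return NULL;  /* bound before any arithmetic */
    if (len > buflen - off) return NULL;   /* payload must lie inside file */
    char *s = malloc((size_t)len + 1);     /* cannot wrap: len <= cap */
    if (s == NULL) return NULL;            /* allocation failure is handled */
    memcpy(s, buf + off, len);
    s[len] = '\0';
    *next = off + len;
    return s;
}

int main(void) {
    /* Constructed sample inputs: one valid field, one hostile length. */
    static const unsigned char good[] = {0, 0, 0, 3, 'a', 'b', 'c'};
    static const unsigned char evil[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a'};
    size_t next = 0;
    char *s = read_field(good, sizeof good, 0, &next);
    printf("good: %s\n", s ? s : "(rejected)");
    free(s);
    s = read_field(evil, sizeof evil, 0, &next);
    printf("evil: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```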
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJfwXHmqjQ0CJFipgRAq8+AJwMdbJCzad1KwNPcu+/ED1ry9VaMQCfd2WN
gnrxNsGlZ3cgoABesY1q0DE=
=8/6v
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/