rss-bot
March 17th, 2009, 01:40 PM
Referenced CVEs:
CVE-2009-0135, CVE-2009-0136
Description:
===========================================================
Ubuntu Security Notice USN-739-1 March 17, 2009
amarok vulnerabilities
CVE-2009-0135, CVE-2009-0136
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10: amarok 2:1.4.7-0ubuntu3.2
Ubuntu 8.04 LTS: amarok 2:1.4.9.1-0ubuntu3.2
Ubuntu 8.10: amarok 2:1.4.10-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.
More... (http://www.ubuntu.com/usn/USN-739-1)