Gentoo Archives: gentoo-announce

From: Tobias Heinlein <keytoaster@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code
Date: Fri, 20 Mar 2009 20:30:11
Message-Id: 49C3FAF5.1040307@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Amarok: User-assisted execution of arbitrary code
Date: March 20, 2009
Bugs: #254896
ID: 200903-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Amarok might allow for user-assisted
execution of arbitrary code.

Background
==========

Amarok is an advanced music player.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-sound/amarok      < 1.4.10-r2                  >= 1.4.10-r2

Description
===========

Tobias Klein has discovered multiple vulnerabilities in Amarok:

* Multiple integer overflows in the Audible::Tag::readTag() function
  in metadata/audible/audibletag.cpp trigger heap-based buffer
  overflows (CVE-2009-0135).

* Multiple array index errors in the Audible::Tag::readTag() function
  in metadata/audible/audibletag.cpp can lead to invalid pointer
  dereferences, or the writing of a 0x00 byte to an arbitrary memory
  location after an allocation failure (CVE-2009-0136).

Impact
======

A remote attacker could entice a user to open a specially crafted
Audible Audio (.aa) file with a large "nlen" or "vlen" tag value to
execute arbitrary code or cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Amarok users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/amarok-1.4.10-r2"

References
==========

[ 1 ] CVE-2009-0135
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135
[ 2 ] CVE-2009-0136
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200903-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature