Debian Security Advisory
DSA-1706-1 amarok -- integer overflows
- Date Reported:
- 15 Jan 2009
- Affected Packages:
- amarok
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in version 1.4.4-4etch1. Updated packages for sparc and arm will be provided later.
For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 1.4.10-2.
We recommend that you upgrade your amarok packages.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1.diff.gz
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1.dsc
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_alpha.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_amd64.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_hppa.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_i386.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_ia64.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_mips.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_s390.deb
- http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_s390.deb
MD5 checksums of the listed files are available in the original advisory.