Ubuntu Security Notice USN-739-1
17th March, 2009
amarok vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 7.10
Software description
- amarok
Details
It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- amarok 2:1.4.10-0ubuntu3.1
- Ubuntu 8.04 LTS:
- amarok 2:1.4.9.1-0ubuntu3.2
- Ubuntu 7.10:
- amarok 2:1.4.7-0ubuntu3.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.