USN-739-1: Amarok vulnerabilities

Ubuntu Security Notice USN-739-1

17th March, 2009

amarok vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10

Software description

  • amarok

Details

It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.10:
amarok 2:1.4.10-0ubuntu3.1
Ubuntu 8.04 LTS:
amarok 2:1.4.9.1-0ubuntu3.2
Ubuntu 7.10:
amarok 2:1.4.7-0ubuntu3.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2009-0135, CVE-2009-0136