About Ubuntu

=========================================================== Ubuntu Security Notice USN-318-1 July 13, 2006 libtunepimp vulnerability CVE-2006-3600 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libtunepimp2 0.3.0-2ubuntu5.1 Ubuntu 5.10: libtunepimp2c2 0.3.0-2ubuntu7.1 Ubuntu 6.06 LTS: libtunepimp2c2a 0.3.0-9.1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Kevin Kofler discovered several buffer overflows in the tag parser. By tricking a user into opening a specially crafted tagged multimedia file (such as .ogg or .mp3 music) with an application that uses libtunepimp, this could be exploited to execute arbitrary code with the user's privileges. This particularly affects the KDE applications 'Amarok' and 'Juk'.