USN-657-1: Amarok vulnerability
Posted on: 10/21/2008 03:50 PM

A new Amarok vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-657-1 October 21, 2008
amarok vulnerability
CVE-2008-3699
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
amarok 2:1.4.7-0ubuntu3.1

Ubuntu 8.04 LTS:
amarok 2:1.4.9.1-0ubuntu3.1

After a standard system upgrade you need to restart Amarok to effect
the necessary changes.

Details follow:

Dwayne Litzenberger discovered that Amarok created temporary files in
an insecure way. Local users could exploit a race condition to create
or overwrite files with the privileges of the user invoking the
program. (CVE-2008-3699)
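
The class of bug described above, shown as an added example that is not Amarok's code and not part of the original notice: a fixed-name temporary file opened without exclusive creation, next to two hardened forms. The directory and file names are constructed for the demonstration, and everything happens inside a private scratch directory.

```c
#define _XOPEN_SOURCE 700 /* added example, not Amarok's code */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Weak: fixed name, no O_EXCL. open() follows a symlink already sitting
 * at `path` and truncates whatever file it points to. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}
/* Hardened: O_CREAT|O_EXCL is atomic and fails with EEXIST if anything,
 * a symlink included, already occupies the name; 0600 keeps it private. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
/* Preferred: mkstemp() picks an unpredictable name and creates it
 * exclusively with mode 0600. `tmpl` must end in "XXXXXX". */
int open_mkstemp(char *tmpl) { return mkstemp(tmpl); }
static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}
/* Runs all three in a private scratch directory and returns a bitmask:
 * 1 = weak open truncated the link target, 2 = exclusive open refused
 * with EEXIST, 4 = mkstemp made a new file and left the target intact. */
int demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], fixed[64], tmpl[64];
    int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(fixed, sizeof fixed, "%s/app_tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/app_XXXXXX", dir);
    fd = open_exclusive(target);            /* stand-in for a user file */
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(target, fixed) != 0) return -1; /* fixed name is taken */
    fd = open_exclusive(fixed);
    if (fd < 0 && errno == EEXIST && size_of(target) == 4) r |= 2;
    if (fd >= 0) close(fd);
    fd = open_mkstemp(tmpl);
    if (fd >= 0) { if (size_of(target) == 4) r |= 4; close(fd); }
    fd = open_predictable(fixed);
    if (fd >= 0) { if (size_of(target) == 0) r |= 1; close(fd); }
    unlink(tmpl); unlink(fixed); unlink(target); rmdir(dir);
    return r;
}
int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

When auditing code for this pattern, look for fixed or guessable names under a shared directory such as /tmp opened without O_EXCL, and for mktemp() or tmpnam() followed by a separate open.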


Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1.diff.gz
Size/MD5: 255918 dca8383f9896834f5d8c54d43f6dc853
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1.dsc
Size/MD5: 1058 d32a20821719c0dfacb5ba8ec075d489
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz
Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_amd64.deb
Size/MD5: 62658 45c0cdd1e68c0df745040e6c92200bc6
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_amd64.deb
Size/MD5: 10059924 2ab0454733d26e134366636e83607a71
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_amd64.deb
Size/MD5: 876 17a40d219de7ed693b1d230b26987602

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_i386.deb
Size/MD5: 56628 a523fa49bde0b44b8ff82a36acd9fafa
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_i386.deb
Size/MD5: 9849030 c5a52dff92e6d187d8593d6570fca417
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_i386.deb
Size/MD5: 882 9587a0db89486eab4aa116d29a0c3d65

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_lpia.deb
Size/MD5: 56372 d11e1a501e5d89be4bee9334fd5bd8cc
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_lpia.deb
Size/MD5: 9840212 e378ce3c1f2d7b701e928c238f14513b
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_lpia.deb
Size/MD5: 880 bc43c874722611add7610d22b7dfca3f

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_powerpc.deb
Size/MD5: 62382 a70d875a0d0c181e22013c61ce2d610e
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_powerpc.deb
Size/MD5: 10058388 f0960ebb25d725c0fee8c60566e2e87b
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_powerpc.deb
Size/MD5: 882 0b34c2be0efc3f69a8df7e4c45af6f91

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.1_sparc.deb
Size/MD5: 56964 975d09ca95317c2a598e432fa42a6203
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.1_sparc.deb
Size/MD5: 9940806 2fa016bd8b2632c0d37c79d2679d960c
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.1_sparc.deb
Size/MD5: 882 195106c1509ffcb19fd2aadc5e6d198d

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1.diff.gz
Size/MD5: 34120 2c031e3190574baeb16b582e7fe38976
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1.dsc
Size/MD5: 1228 3577bdf77bb6c68421d9d5385027ee00
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz
Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_amd64.deb
Size/MD5: 61968 ae5a016b12762819e66614720e16e8d1
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_amd64.deb
Size/MD5: 9852594 e90e8b066df459977b24a333ac1180a8
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_amd64.deb
Size/MD5: 892 8b8a41d47eaad009f3c998e8ffed8588

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_i386.deb
Size/MD5: 55158 94c5c5098ac8bc2387657d5f2a356817
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_i386.deb
Size/MD5: 9612898 d424575a5b2fe32df2d7bf68f7e3dc92
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_i386.deb
Size/MD5: 894 389f3799120c338a915fde145a9fdd0a

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_lpia.deb
Size/MD5: 55426 12c2f3f742b268bfdce0d0b0924e0b9e
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_lpia.deb
Size/MD5: 9633456 4ecea3bb7e762bc2ac626a301a6e6317
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_lpia.deb
Size/MD5: 892 fab140bcaba2326e5c85286d10052ad0

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_powerpc.deb
Size/MD5: 60482 a55ed07da11d9af83ca402df70c358ce
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_powerpc.deb
Size/MD5: 9813852 50d2c59b2d3d76a5be2fa39febdb486c
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_powerpc.deb
Size/MD5: 896 90b290b69b1fbfc3ef7d2a3ec1d63f5e

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.1_sparc.deb
Size/MD5: 55458 68477ffe9fa8ed27ed604f2f96cfafa2
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.1_sparc.deb
Size/MD5: 9703360 cc313fc4e1a9ef9fd585241251c29eea
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.1_sparc.deb
Size/MD5: 896 67db1063d70af6b8f5f4f1fa1e5c058e






Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_657_1_amarok_vulnerability.html)