Ubuntu
amarok package

Amarok - integer overflows and unchecked allocation vulnerabilities

Bug #318555 reported by Harald Sitter
252
Affects Status Importance Assigned to Milestone
The Dell Mini Project
Confirmed
Undecided
Unassigned
amarok (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Invalid
Undecided
Unassigned
Gutsy
Fix Released
Undecided
Marc Deslauriers
Hardy
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned
Jaunty
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: amarok

Amarok contains several integer overflows and unchecked allocation
vulnerabilities while parsing malformed Audible digital audio files.
The vulnerabilities may be exploited by a (remote) attacker to execute
arbitrary code in the context of Amarok.

http://www.trapkit.de/advisories/TKADV2009-002.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0135
http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/067330.html
http://www.debian.org/security/2009/dsa-1706

Revision history for this message
Harald Sitter (apachelogger) wrote :

Jaunty fixed via 2.0.1.1

Changed in amarok:
status: New → Fix Released
Revision history for this message
Harald Sitter (apachelogger) wrote :

Built in pbuilder. Tested in updated Intrepid VM (VirtualBox).

Revision history for this message
Harald Sitter (apachelogger) wrote :

Only built in pbuilder, no runtime testing done.

Please also note that at least Gutsy seems to be affected as well, but something is very weird about it's patches, there seem to be quite some naming problems... no clue how that ever built.

I didn't check the dapper package yet.

Marc Deslauriers (mdeslaur)
Changed in amarok:
status: New → In Progress
status: New → In Progress
Kees Cook (kees)
Changed in amarok:
status: New → Triaged
status: New → Triaged
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

code not present in Dapper's version

Changed in amarok:
status: Triaged → Invalid
assignee: nobody → mdeslaur
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package amarok - 2:1.4.7-0ubuntu3.2

---------------
amarok (2:1.4.7-0ubuntu3.2) gutsy-security; urgency=low

  * SECURITY UPDATE: Code execution via multiple integer overflows and array
    index errors in the metadata parser for audible files. (LP: #318555)
    - debian/patches/100_security_CVE-2009-0135-0136.patch: improve error handling
      and set a maximum tag size in amarok/src/metadata/audible/audibletag.cpp.
    - CVE-2009-0135
    - CVE-2009-0136

 -- Marc Deslauriers <email address hidden> Thu, 12 Mar 2009 11:16:08 -0400

Changed in amarok:
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package amarok - 2:1.4.9.1-0ubuntu3.2

---------------
amarok (2:1.4.9.1-0ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows allow remote attackers to execute
    arbitrary code via an Audible Audio (.aa) file (LP: #318555)
    - debian/patches/security_audible_tags.diff fix integer overflow while
      reading audible aa file tags. Based on upstream patch.
    - http://websvn.kde.org/?view=rev&revision=908415
    - http://www.trapkit.de/advisories/TKADV2009-002.txt
    - CVE-2009-0135
    - CVE-2009-0136

 -- Harald Sitter <email address hidden> Mon, 19 Jan 2009 22:13:53 +0100

Changed in amarok:
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package amarok - 2:1.4.10-0ubuntu3.1

---------------
amarok (2:1.4.10-0ubuntu3.1) intrepid-security; urgency=low

  * SECURITY UPDATE: integer overflows allow remote attackers to execute
    arbitrary code via an Audible Audio (.aa) file (LP: #318555)
    - debian/patches/security_audible_tags.diff fix integer overflow while
      reading audible aa file tags. Based on upstream patch.
    - http://websvn.kde.org/?view=rev&revision=908415
    - http://www.trapkit.de/advisories/TKADV2009-002.txt
    - CVE-2009-0135
    - CVE-2009-0136

 -- Harald Sitter <email address hidden> Mon, 19 Jan 2009 22:05:24 +0100

Changed in amarok:
status: In Progress → Fix Released
Nicola Ferralis (feranick)
Changed in dell-mini:
status: New → Confirmed
Revision history for this message
Nicola Ferralis (feranick) wrote :

This bug is fixed in amarok (2:1.4.9.1-0ubuntu3.2) - generic hardy. Hardy for the mini is still in version 2:1.4.9.1-0ubuntu3.1

 amarok (2:1.4.9.1-0ubuntu3.2) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows allow remote attackers to execute
    arbitrary code via an Audible Audio (.aa) file (LP: #318555)
    - debian/patches/security_audible_tags.diff fix integer overflow while
      reading audible aa file tags. Based on upstream patch.
    - http://websvn.kde.org/?view=rev&revision=908415
    - http://www.trapkit.de/advisories/TKADV2009-002.txt
    - CVE-2009-0135
    - CVE-2009-0136

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.