United States : 
Unknown Browser
www.ltdw.net 
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2009:030-1 ] amarok
Articles Sécurité Mandriva Security [Security Announce] [ MDVSA-2009:030-1 ] amarok
| [Security Announce] [ MDVSA-2009:030-1 ] amarok |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Samedi, 12 Décembre 2009 21:21 |
|
_______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:030-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : amarok Date : December 8, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Data length values in metadata Audible Audio media file (.aa) can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code (CVE-2009-0135). Failure on checking heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file (CVE-2009-0136). This update provide the fix for these security issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0136 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5d4a1812335988e95cc4cba99e9b7d73 2008.0/i586/amarok-1.4.7-9.2mdv2008.0.i586.rpm a730a11d80fb19d7329e15f4dc6cff1c 2008.0/i586/amarok-engine-xine-1.4.7-9.2mdv2008.0.i586.rpm 69826607a40905091018209f8c930bab 2008.0/i586/amarok-scripts-1.4.7-9.2mdv2008.0.i586.rpm 7e9b9c20bb271a287577b59341dbf97a 2008.0/i586/libamarok0-1.4.7-9.2mdv2008.0.i586.rpm b24da47d83b04b7b0d812a191ddbc095 2008.0/i586/libamarok0-scripts-1.4.7-9.2mdv2008.0.i586.rpm 52ed5091555d74f3d5ccc284818b85fb 2008.0/i586/libamarok-devel-1.4.7-9.2mdv2008.0.i586.rpm 9448366d5e2c5f9771aeb53d379df474 2008.0/i586/libamarok-scripts-devel-1.4.7-9.2mdv2008.0.i586.rpm 11f909f385d8ad0fb42cf68f31cad182 2008.0/SRPMS/amarok-1.4.7-9.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 9c6bfc8f2110a1f27ae2bc2b0bab21e5 2008.0/x86_64/amarok-1.4.7-9.2mdv2008.0.x86_64.rpm 482f1c53549167d61159ae0ffc710937 2008.0/x86_64/amarok-engine-xine-1.4.7-9.2mdv2008.0.x86_64.rpm 85ec22879570c26edcb037d0340ed216 2008.0/x86_64/amarok-scripts-1.4.7-9.2mdv2008.0.x86_64.rpm 0ccf503aba621cfb9e851bbc80570f28 2008.0/x86_64/lib64amarok0-1.4.7-9.2mdv2008.0.x86_64.rpm 482d8e9b042defc49d2b0a0e50e14f66 2008.0/x86_64/lib64amarok0-scripts-1.4.7-9.2mdv2008.0.x86_64.rpm 5a9007fc767db46ebf4fb2e68732160d 2008.0/x86_64/lib64amarok-devel-1.4.7-9.2mdv2008.0.x86_64.rpm e9055588c1dbb15dbc8cec10001e33b1 2008.0/x86_64/lib64amarok-scripts-devel-1.4.7-9.2mdv2008.0.x86_64.rpm 11f909f385d8ad0fb42cf68f31cad182 2008.0/SRPMS/amarok-1.4.7-9.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ 
|