From advisory in $URL: Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed Audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.
Advisory says amarok < 2.0.1.1, but we need to verify the code. Issue opened because this slipped under the radar and I don't want to forget to file this.
Upstream states: Patches are revision 908415 (for Amarok 1.4.x), 908391 (for trunk) and 908401 (for 2.0.x branch).
CVE-2009-0135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0135): Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.

CVE-2009-0136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0136): Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.
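To make the two CVE descriptions concrete, here is an added example (not Amarok's audibletag.cpp and not from the advisory) of the bug class they describe, using a constructed tag layout: a 4-byte length nlen, the name bytes, a 4-byte length vlen, the value bytes. unchecked_alloc_size() shows the wrapping "length + 1" computation, assuming 32-bit size arithmetic as in the affected builds; with nlen = 0xFFFFFFFF it yields a zero-byte allocation that the following copy overruns (CVE-2009-0135), and a NULL returned by a failed allocation would be used as the base for the terminating 0x00 write (CVE-2009-0136). read_tag_safe() is the hardened form: lengths are checked against the bytes actually present before allocating, and allocation failure is reported rather than dereferenced. The struct, function names and sample input are all constructed for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed tag layout modelled on the CVE text (NOT Amarok's real
 * audibletag.cpp): a 4-byte big-endian nlen, nlen bytes of name, a 4-byte
 * big-endian vlen, vlen bytes of value. Both length fields are attacker
 * controlled. */
struct tag { char *name; char *value; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The unchecked size computation of the vulnerable pattern, in 32-bit
 * arithmetic (assumed for the affected builds). nlen = 0xFFFFFFFF yields an
 * allocation of 0 bytes, and the subsequent copy of nlen bytes overruns the
 * heap chunk. Returned, not allocated, so the wrap can be observed safely. */
uint32_t unchecked_alloc_size(uint32_t nlen) { return nlen + 1u; }

void free_tag(struct tag *t) { free(t->name); free(t->value); t->name = t->value = NULL; }

/* Hardened reader. Each length is checked against the bytes that actually
 * remain before anything is allocated, so the +1 for the terminator cannot
 * wrap and the copy cannot overrun. A NULL from malloc is reported instead of
 * being used as the base for the terminating write.
 * Returns 0 on success, -1 for malformed input, -2 for allocation failure. */
int read_tag_safe(const uint8_t *buf, size_t len, struct tag *out) {
    size_t off = 0;
    char *fields[2] = { NULL, NULL };
    out->name = out->value = NULL;
    for (int i = 0; i < 2; i++) {
        if (len - off < 4) goto malformed;          /* no room for the length field */
        uint32_t n = be32(buf + off);
        off += 4;
        if (n > len - off) goto malformed;          /* claims more bytes than are present */
        char *p = malloc((size_t)n + 1);           /* n <= len here, so no wrap possible */
        if (p == NULL) { free(fields[0]); return -2; }
        memcpy(p, buf + off, n);
        p[n] = '\0';
        off += n;
        fields[i] = p;
    }
    out->name = fields[0];
    out->value = fields[1];
    return 0;
malformed:
    free(fields[0]);
    return -1;
}

/* Constructed inputs. demo_valid() returns 1 when a well-formed tag parses to
 * the expected strings; demo_oversized() returns 1 when a tag whose nlen is
 * 0xFFFFFFFF (the value that wraps the unchecked computation to a zero-byte
 * allocation) is rejected as malformed. */
int demo_valid(void) {
    const uint8_t buf[] = { 0,0,0,5, 't','i','t','l','e', 0,0,0,3, 'f','o','o' };
    struct tag t;
    int rc = read_tag_safe(buf, sizeof buf, &t);
    int ok = rc == 0 && strcmp(t.name, "title") == 0 && strcmp(t.value, "foo") == 0;
    if (rc == 0) free_tag(&t);
    return ok;
}

int demo_oversized(void) {
    const uint8_t buf[] = { 0xff,0xff,0xff,0xff, 'x','x','x','x', 0,0,0,0 };
    struct tag t;
    return read_tag_safe(buf, sizeof buf, &t) == -1 && t.name == NULL;
}

int main(void) {
    printf("unchecked size for nlen=0xFFFFFFFF: %u\n", unchecked_alloc_size(0xFFFFFFFFu));
    printf("valid tag parses: %d, oversized tag rejected: %d\n", demo_valid(), demo_oversized());
    return 0;
}
```

The remaining-bytes check is what does the work: once n is bounded by the input that is actually present, the +1 cannot wrap regardless of integer width, and the memcpy can never read or write past either buffer. Checking the malloc result separately closes the second CVE's path, where the terminating write lands at NULL + n.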
ping, kde herd?
Is there ANY 2-series version older than 2.0.1.1 in the tree?
Oh, I missed that it is for 1.4.X too. Don't mind me then. I can't test/fix kde3 packages, sorry, but I will get tampakrap here.
I added amarok-1.4.10-r2 to the tree, which can be stabilized. All previous versions can be removed after that. None of the later versions are affected.
Arches, please test and mark stable: =media-sound/amarok-1.4.10-r2 Target keywords : "amd64 ppc ppc64 sparc x86"
configure: WARNING: unrecognized options: --with-x, --enable-mitshm, --without-xinerama, --without-debug. Apart from that, looks good on amd64/x86.
amd64/x86 stable
sparc stable
ppc64 done
ppc done
Secunia mentions a possibility to execute code, so B2 sounds right to me. Request filed.
GLSA 200903-34, thanks everyone.