Summary: | <media-sound/amarok-{1.4.10-r2, 2.0.1.1}: Several integer overflows and unchecked allocation vulnerabilities (CVE-2009-{0135,0136}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jmbsvicetto, kde, sound |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.trapkit.de/advisories/TKADV2009-002.txt | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
Advisory says amarok < 2.0.1.1, but we need to verify the code. Issue opened because this slipped under the radar and I don't want to forget to file this.

Upstream states: Patches are revision 908415 (for Amarok 1.4.x), 908391 (for trunk) and 908401 (for 2.0.x branch).

CVE-2009-0135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0135): Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.

CVE-2009-0136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0136): Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.

ping, kde herd?

Is there ANY version of the 2 series older than 2.0.1.1 in the tree?

Oh, I missed that it is for 1.4.X too. Don't mind me then. I can't test/fix kde3 packages, sorry, but I will get tampakrap here.

I added amarok-1.4.10-r2 to the tree, which can be stabilized. All previous versions can be removed after that. All later versions aren't affected.

Arches, please test and mark stable:
=media-sound/amarok-1.4.10-r2
Target keywords : "amd64 ppc ppc64 sparc x86"

configure: WARNING: unrecognized options: --with-x, --enable-mitshm, --without-xinerama, --without-debug

Apart from that, looks good on amd64/x86.

amd64/x86 stable

sparc stable

ppc64 done

ppc done

Secunia mentions a possibility to execute code, so B2 sounds right to me. Request filed.

GLSA 200903-34, thanks everyone.
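
The two CVE descriptions in the opening comment concern file-supplied length fields (nlen, vlen) that are used for allocation and indexing without validation. The following is an added example in C, not Amarok's code and not the upstream patch, showing a reader that bounds each length before allocating and checks the allocation before writing the terminator. The record layout, `TAG_FIELD_MAX`, and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_FIELD_MAX 4096u /* assumed sanity cap, not taken from the Amarok patches */

/* Assumed record layout (illustrative): be32 nlen, be32 vlen, name, value. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Copy a len-byte field into a fresh NUL-terminated buffer, or return NULL.
 * Unchecked, a 32-bit len + 1 wraps to 0 for len = 0xFFFFFFFF, and writing
 * out[len] after a failed allocation stores 0x00 at an address chosen by len. */
static char *copy_field(const unsigned char *src, size_t avail, uint32_t len) {
    if (len > TAG_FIELD_MAX || len > avail) /* bound first, so len + 1 cannot wrap */
        return NULL;
    char *out = malloc((size_t)len + 1);
    if (out == NULL)                        /* check before the terminator write */
        return NULL;
    memcpy(out, src, len);
    out[len] = '\0';
    return out;
}

/* Parse one record; returns 0 on success, -1 on malformed input. */
int read_tag(const unsigned char *buf, size_t size, char **name, char **value) {
    *name = *value = NULL;
    if (size < 8) return -1;
    uint32_t nlen = be32(buf), vlen = be32(buf + 4);
    *name = copy_field(buf + 8, size - 8, nlen);
    if (*name == NULL) return -1;
    *value = copy_field(buf + 8 + nlen, size - 8 - nlen, vlen);
    if (*value == NULL) {
        free(*name);
        *name = NULL;
        return -1;
    }
    return 0;
}

int main(void) {
    /* Constructed input: nlen = 0xFFFFFFFF, vlen = 1, one payload byte. */
    const unsigned char bad[] = {0xff, 0xff, 0xff, 0xff, 0, 0, 0, 1, 'a'};
    char *n, *v;
    printf("oversized nlen -> %d\n", read_tag(bad, sizeof bad, &n, &v));
    return 0;
}
```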