Debian Security Advisory DSA 1706-1 (amarok) Network Vulnerability

Summary

The remote host is missing an update to amarok announced via advisory DSA 1706-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201706-1

Insight

Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.4.4-4etch1. Updated packages for sparc and arm will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), this problem has been fixed in version 1.4.10-2. We recommend that you upgrade your amarok packages.

Severity

Classification

CVE CVE-2009-0135, CVE-2009-0136

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 095-1 (gpm)
Debian Security Advisory DSA 063-1 (xinetd)
Debian Security Advisory DSA 005-1 (slocate)
Debian Security Advisory DSA 1063-1 (phpgroupware)
Debian Security Advisory DSA 018-1 (tinyproxy)

Take action and discover your vulnerabilities