Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanit

From Steffen Joeris@1:229/2 to All on Tue Jun 23 01:50:06 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1821-1 [email protected] http://www.debian.org/security/ Steffen Joeris
June 22, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : amule
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-1440
Debian Bug : 525078

Sam Hocevar discovered that amule, a client for the eD2k and Kad
networks, does not properly sanitise the filename, when using the
preview function. This could lead to the injection of arbitrary commands
passed to the video player.

For the stable distribution (lenny), this problem has been fixed in
version 2.2.1-1+lenny2.

The oldstable distribution (etch) is not affected by this issue.

For the testing distribution (squeeze) this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.5-1.1.

We recommend that you upgrade your amule packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1.orig.tar.gz
Size/MD5 checksum: 5945095 4af457cf1112cd2c23f133f98d0b1123
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.diff.gz
Size/MD5 checksum: 21192 cbae4dfde8c2ee4108354ae5a3b33b7c
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.dsc
Size/MD5 checksum: 1360 44eaea8c76492a09197b4764f6602c38

Architecture independent packages:

http://security.debian.org/pool/updates/main/a/amule/amule-common_2.2.1-1+lenny2_all.deb
Size/MD5 checksum: 2253976 3a393eacd88cbe16e4c6714d244b600c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 464220 8d763c84917f2591e724d9db0c3bf730
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 1428344 8924427d6f9f3c7c59b04829b1e689e4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 1350778 af463e0b04b01767c32a4d40cd611065
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 2094352 e12c37ac77be795df6b6e57503b2085e

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 1294100 fd70acd8c4b1c86aa09da145450de94b
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 448166 64d61b24c0307c21e6a13cc676bb7361
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 1192552 6a3c91f293913531a70dd4647cffa6e7
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 1858846 2933a8ad9f7dda33940efff5ee9194b6

arm architecture (ARM)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 449514 1dee31e34becbb25690e98f5bcb7fc81
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 1976994 ebff75684dbab7ac1b6b5f0f217acd35
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 1266254 a8ca8a7f528ef533baf6a4022f15d625
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 1351714 a66eb56243ef7c70957dbaebfafc0ae7

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 429464 ac82fc01cf3792d837b68df26d2509aa
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 1092808 3a8d674aa4f3c1a5bfb2836e4d5e5d3f
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 1236006 205dae928f6231ce664ce1bde3c222cc
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 1765870 fac2d32b45a4f69d631aedc004103450

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 1442768 9b34faff8e0338be7a872d24ce6f6116
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 1351038 56ed6958e047640353ec93342d522deb
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 2098164 77a7a340f20e60bd2d9d62126f5da5b4
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 465580 e9b5ee45e63b84dbd30cdbcb8663c833

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 441412 7d950e97f28fc52a2ad904c97d695647
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 1282022 41cb881f954cfee01544cc79cc637de9
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 1834186 092acc92d4efd8f8cfcdfc20d91bf1e4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 1160416 59a189fcb605d3cd53c25157ac08775e

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	141:08:30
Calls:	12,087
Files:	14,998
Messages:	6,517,434

[SECURITY] [DSA 1821-1] New amule packages fix insufficient input sanit

Who's Online

System Info