"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1821-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
June 22, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : amule
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-1440
Debian Bug : 525078
Sam Hocevar discovered that amule, a client for the eD2k and Kad
networks, does not properly sanitise the filename, when using the
preview function. This could lead to the injection of arbitrary commands
passed to the video player.
For the stable distribution (lenny), this problem has been fixed in
version 2.2.1-1+lenny2.
The oldstable distribution (etch) is not affected by this issue.
For the testing distribution (squeeze) this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.2.5-1.1.
We recommend that you upgrade your amule packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1.orig.tar.gz
Size/MD5 checksum: 5945095 4af457cf1112cd2c23f133f98d0b1123
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.diff.gz
Size/MD5 checksum: 21192 cbae4dfde8c2ee4108354ae5a3b33b7c
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.dsc
Size/MD5 checksum: 1360 44eaea8c76492a09197b4764f6602c38
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/amule/amule-common_2.2.1-1+lenny2_all.deb
Size/MD5 checksum: 2253976 3a393eacd88cbe16e4c6714d244b600c
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 464220 8d763c84917f2591e724d9db0c3bf730
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 1428344 8924427d6f9f3c7c59b04829b1e689e4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 1350778 af463e0b04b01767c32a4d40cd611065
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum: 2094352 e12c37ac77be795df6b6e57503b2085e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 1294100 fd70acd8c4b1c86aa09da145450de94b
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 448166 64d61b24c0307c21e6a13cc676bb7361
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 1192552 6a3c91f293913531a70dd4647cffa6e7
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum: 1858846 2933a8ad9f7dda33940efff5ee9194b6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 449514 1dee31e34becbb25690e98f5bcb7fc81
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 1976994 ebff75684dbab7ac1b6b5f0f217acd35
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 1266254 a8ca8a7f528ef533baf6a4022f15d625
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum: 1351714 a66eb56243ef7c70957dbaebfafc0ae7
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 429464 ac82fc01cf3792d837b68df26d2509aa
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 1092808 3a8d674aa4f3c1a5bfb2836e4d5e5d3f
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 1236006 205dae928f6231ce664ce1bde3c222cc
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum: 1765870 fac2d32b45a4f69d631aedc004103450
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 1442768 9b34faff8e0338be7a872d24ce6f6116
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 1351038 56ed6958e047640353ec93342d522deb
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 2098164 77a7a340f20e60bd2d9d62126f5da5b4
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum: 465580 e9b5ee45e63b84dbd30cdbcb8663c833
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 441412 7d950e97f28fc52a2ad904c97d695647
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 1282022 41cb881f954cfee01544cc79cc637de9
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 1834186 092acc92d4efd8f8cfcdfc20d91bf1e4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum: 1160416 59a189fcb605d3cd53c25157ac08775e
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum: 1543554 e48c437c956f1a7fa663bb4f7c86ae98
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum: 2354916 49d3399f61a5d25fa53d61093d0d6aa4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum: 1594620 ae20084bfa0522b83263bab081671835
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum: 491456 253e201bce8de74d789c01596a87950d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum: 1244756 95fc39ecfdbe4c8be3b07cc8e26727f3
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum: 1329214 09b790f67e09fc528300d137b199f5ce
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum: 1952694 00cbb0c1cd2710710131f38cf7dd000f
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum: 444304 42da3ebfcdfaaf6c2f3df7edb9355ef1
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum: 1903990 c593afa800e0d46e565b89a29d9f1d84
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum: 1286918 ab7f0967f74ce64dbbe004c6fbd66ee1
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum: 1231682 c2c6ffe9862979549089cd7a86b848e9
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum: 443016 961d4bf791fa0fcb6f9e508369370745
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum: 1369070 e7ea8113da751779df3f27c22a290167
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum: 1233354 5dee3db5c0be3c25fea36c9e0585aabd
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum: 1952042 8be4209ffbc1d92bda69a4a7c225871c
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum: 459252 4f50ff6ebb0c8f51def95a0231231ac3
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum: 1845666 276351af0fd557f30dddfe163a778a49
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum: 441768 a18c5708f99b5dc49c0f9a73dc06d153
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum: 1301370 873dd9d9b0c965c81c4d38b6d2b2073e
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum: 1143174 c249ffbc639a4b922f2e85a4ae7cf822
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum: 1886608 721e115be6a2739137a6829157152ab5
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum: 1161476 d40bd787ba3017e6378add6127792dfd
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum: 1319292 8eca735707f026977e2b949a0e465c4c
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum: 442942 d2083c9c69c3279dc70fa5cdd225210c
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpAFtAACgkQ62zWxYk/rQfSFACfQUGKUm7ztVec8X7NqiqQHIHk
9RsAoJ9luiSBGNWvoXSOKSwhOCSNWu56
=F6dh
-----END PGP SIGNATURE-----
"
This entry was posted
on 3:02 PM
.
Archives
-
▼
2009
(488)
-
▼
June
(53)
- RHSA-2009:1127-01 Critical: kdelibs security update
- RHSA-2009:1128-01 Important: kdelibs security update
- USN-782-1: Thunderbird vulnerabilities
- RHSA-2009:1125-01 Moderate: thunderbird security u...
- RHSA-2009:1123-01 Moderate: gstreamer-plugins-good...
- USN-791-2: Moodle vulnerability
- RHSA-2009:1130-01 Critical: kdegraphics security u...
- RHSA-2009:1126-01 Moderate: thunderbird security u...
- DSA 1821-1: New amule packages fix insufficient in...
- RHSA-2009:1109-01 Critical: acroread security update
- DSA 1822-1: New mahara packages fix cross-site scr...
- DSA 1817-1: New ctorrent packages fix arbitrary co...
- RHSA-2009:1101-01 Moderate: cscope security update
- USN-788-1: Tomcat vulnerabilities
- DSA 1816-1: New apache2 packages fix privilege esc...
- RHSA-2009:1106-01 Important: kernel security and b...
- RHSA-2009:1102-01 Moderate: cscope security update
- DSA 1818-1: New gforge packages fix insufficient i...
- RHSA-2009:1100-01 Moderate: wireshark security update
- RHSA-2009:1107-01 Moderate: apr-util security update
- USN-775-2: Quagga regression
- DSA 1815-1: New libtorrent-rasterbar packages fix ...
- RHSA-2009:1096-01 Critical: seamonkey security update
- DSA 1814-1: New libsndfile packages fix arbitrary ...
- USN-784-1: ImageMagick vulnerability
- USN-785-1: ipsec-tools vulnerabilities
- RHSA-2009:1087-01 Important: mod_jk security update
- USN-783-1: eCryptfs vulnerability
- USN-781-1: Pidgin vulnerabilities
- RHSA-2009:1081-01 Important: kernel-rt security an...
- DSA 1809-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1082-01 Important: cups security update
- USN-780-1: CUPS vulnerability
- USN-780-1: CUPS vulnerability
- DSA 1810-1: New cups/cupsys packages fix denial of...
- DSA 1812-1: New apr-util packages fix several vuln...
- RHSA-2009:1083-01 Important: cups security update
- USN-781-2: Gaim vulnerabilities
- RHSA-2009:1077-01 Important: kernel security and b...
- DSA 1810-1: New libapache-mod-jk packages fix info...
- USN-778-1: cron vulnerability
- RHSA-2009:1076-01 Low: Red Hat Enterprise Linux 2....
- DSA 1807-1: New cyrus-sasl2/cyrus-sasl2-heimdal pa...
- GLSA 200905-06 acpid: Denial of Service
- DSA 1805-1: New pidgin packages fix several vulner...
- GLSA 200905-08 NTP: Remote execution of arbitrary...
- GLSA 200905-07 Pidgin: Multiple vulnerabilities
- RHSA-2009:1067-01 Moderate: Red Hat Application St...
- RHSA-2009:1075-01 Moderate: httpd security update
- GLSA 200905-09 libsndfile: User-assisted executio...
- RHSA-2009:1066-01 Important: squirrelmail security...
- GLSA 200905-03 IPSec Tools: Denial of Service
- GLSA 200905-05 FreeType: Multiple vulnerabilities
-
▼
June
(53)