Säkerhetsbulletin från Debian

DSA-1277-1 XMMS -- flera sårbarheter

Rapporterat den:

2007-04-04

Berörda paket:

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 416423.
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 23078.
I Mitres CVE-förteckning: CVE-2007-0654, CVE-2007-0653.

Ytterligare information:

Flera fel har upptäckts i skalhanteringsrutinerna i xmms, X Multimedia System. Dessa sårbarheter kunde göra det möjligt för en angripare att utföra godtycklig kod som användaren som kör xmms genom att lura offret att läsa in specialskrivna skalfiler.

För den stabila utgåvan (Sarge) har dessa problem rättats i version 1.2.10+cvs20050209-2sarge1.

För den kommande stabila utgåvan (Etch) och den instabila utgåvan (Sid) har dessa problem rättats i version 1:1.2.10+20061101-1etch1 respektive 1:1.2.10+20070401-1.

Vi rekommenderar att ni uppgraderar era xmms-paket.

Rättat i:

Debian GNU/Linux 3.1 (stable)

Källkod:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1.diff.gz; http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209.orig.tar.gz; http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1.dsc
Alpha:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_alpha.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_amd64.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_arm.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_arm.deb
HP Precision:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_hppa.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_i386.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_ia64.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_m68k.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_m68k.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_mips.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_s390.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_sparc.deb; http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.