=========================================================== Ubuntu Security Notice USN-446-1 March 28, 2007 nas vulnerabilities CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: nas 1.7-2ubuntu2.1 Ubuntu 6.06 LTS: nas 1.7-3ubuntu3.2 Ubuntu 6.10: nas 1.8-2ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.diff.gz Size/MD5: 124147 332f758365415875e2fad07237f9278c http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-2ubuntu2.1.dsc Size/MD5: 730 ee6f6df697aec1ec7a29d47f6c9a51e6 http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz Size/MD5: 1288569 c9918e9c9c95d587a95b455bbabe3b49 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-2ubuntu2.1_all.deb Size/MD5: 150542 ae7b918f6a06202e697059870461e187 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_amd64.deb Size/MD5: 540818 c8fa856d7349f9e12534e3d709b6ba07 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_amd64.deb Size/MD5: 75436 a5e2e99650cae805190432b3c2114b0a http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_amd64.deb Size/MD5: 529074 4fc9011d47a586d02750bcd9ad84cdb8 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_amd64.deb Size/MD5: 103706 e17e40e6e65bccdc622b6d2be87fcc9b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_i386.deb Size/MD5: 486146 e1f56f4633c4add7c8e4b76cc2e81196 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_i386.deb Size/MD5: 70132 5664d1a64bdd73ffdeaa0127eec445c5 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_i386.deb Size/MD5: 464716 365ea3a2a6bd9a098c3c97d3150b28ca http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_i386.deb Size/MD5: 91842 c24df4f0fffa84da67e7c8a40031dc0d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_powerpc.deb Size/MD5: 553780 f5414461809394dafbb5ec087a49e1e6 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_powerpc.deb Size/MD5: 74904 f354c5adcaf9458f4407007b32374b0c http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_powerpc.deb Size/MD5: 531104 c60b5d7bf26c6783b9c666ee2c80fcaa http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_powerpc.deb Size/MD5: 101502 9414403556f37f361431706d25a53322 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-2ubuntu2.1_sparc.deb Size/MD5: 500100 322f31a7d9f6ffd85256d79f9cfbdb73 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-2ubuntu2.1_sparc.deb Size/MD5: 70350 d21dc792aa7c05411bea50cc1ce11c17 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-2ubuntu2.1_sparc.deb Size/MD5: 473872 d6dfb963b07fecec31a46f6fa5013f79 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-2ubuntu2.1_sparc.deb Size/MD5: 95996 7e3c2aa190df5cfdb6cddc2d2ef88b8b Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.diff.gz Size/MD5: 125275 e9316af5b0d46add5e549b33a4bcb1b8 http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7-3ubuntu3.2.dsc Size/MD5: 738 a4b4807d1594af28ff5e4a0abef06492 http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.7.orig.tar.gz Size/MD5: 1288569 c9918e9c9c95d587a95b455bbabe3b49 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.7-3ubuntu3.2_all.deb Size/MD5: 150638 187aa7c18e5eb18767a407e70dbdd890 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_amd64.deb Size/MD5: 537496 cf840b32a05e2e222d7b10f90bda7334 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_amd64.deb Size/MD5: 75578 16b0706a472e0609e05dce510f7f981b http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_amd64.deb Size/MD5: 529432 48d7008046fa99f8b554e5ab3932ba3e http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_amd64.deb Size/MD5: 104656 34c02a1947fb76d1fbe9710dd6df5116 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_i386.deb Size/MD5: 483858 4e614dce3393afa53f1fd4ebf38878a1 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_i386.deb Size/MD5: 70136 b66f4a7250047f1aee828a8b509fb3d3 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_i386.deb Size/MD5: 464304 d76701b80c524c9b1cf76e62665e416a http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_i386.deb Size/MD5: 92824 c238846647d5f2127a08c4c27bdca14f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_powerpc.deb Size/MD5: 553162 d55bcbb414e5232358542fe2feb00f1d http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_powerpc.deb Size/MD5: 74974 1dcef91879ff0d615273c8469c5820e8 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_powerpc.deb Size/MD5: 529856 6acae7ef312e28c23265bc75862f5510 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_powerpc.deb Size/MD5: 102642 5e19cf9fe84b8dec4c86b8dc14abc715 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.7-3ubuntu3.2_sparc.deb Size/MD5: 495218 034c2f89030aaf0665595b77a238c621 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.7-3ubuntu3.2_sparc.deb Size/MD5: 70282 d486beda5c19b1fee14c34056771cdc3 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.7-3ubuntu3.2_sparc.deb Size/MD5: 470660 76d261ee5e688a40b8336c3564465064 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.7-3ubuntu3.2_sparc.deb Size/MD5: 96572 468b4ea95fbd35a756dd37209672c81a Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.diff.gz Size/MD5: 486360 6f70fb0b12d28fc4047bafab1f05ad4e http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8-2ubuntu0.1.dsc Size/MD5: 741 f6364e27c83d39993587fa6df5d33fcf http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas_1.8.orig.tar.gz Size/MD5: 1290578 7e5ecab75a48c75b0c6305fcced34a97 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/nas/nas-doc_1.8-2ubuntu0.1_all.deb Size/MD5: 151512 47a5b58301b632434c20f7e676e2b8b8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_amd64.deb Size/MD5: 530554 95e890a585ccb1a5bf5f2f11c2a0f3f3 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_amd64.deb Size/MD5: 76418 b0cbe51548e3be240c8e28a79e3358e7 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_amd64.deb Size/MD5: 531858 6fb0694366e749673ef394cd6d8034fa http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_amd64.deb Size/MD5: 107686 86dcdb055ed7565066936ffe447c285f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_i386.deb Size/MD5: 500982 b7f07eda337d5ca9d6b7a0e7f045c795 http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_i386.deb Size/MD5: 73154 f2479e362021178cd58f32ee1e047b58 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_i386.deb Size/MD5: 491312 f692b013ec19670122bb0d08a85c73d2 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_i386.deb Size/MD5: 98656 60ee6df2b99ff93aab4f6f291d00f260 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_powerpc.deb Size/MD5: 554626 3f0e29a26c43ded0b67b08a326b377eb http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_powerpc.deb Size/MD5: 76554 9690b68e179d84688fd483983f8ad661 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_powerpc.deb Size/MD5: 540452 6e69ca01a4471838ee5dbdafd480e969 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_powerpc.deb Size/MD5: 107366 26369bf75e7292029a0fe138df14c251 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio-dev_1.8-2ubuntu0.1_sparc.deb Size/MD5: 492578 3005b9b8efce6ce23d88affd0080e5ae http://security.ubuntu.com/ubuntu/pool/main/n/nas/libaudio2_1.8-2ubuntu0.1_sparc.deb Size/MD5: 71502 ff149d04c07b629e87826eeb5bc30750 http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas-bin_1.8-2ubuntu0.1_sparc.deb Size/MD5: 477328 79742d8dfa73f401215bead40576e81c http://security.ubuntu.com/ubuntu/pool/universe/n/nas/nas_1.8-2ubuntu0.1_sparc.deb Size/MD5: 100758 137f01e00b44096dfb33e13dd2fe584f