Tuesday, October 1, 2013

[USN-1986-1] Network Audio System (NAS) vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSSwlHAAoJEGVp2FWnRL6TvpcP/2VNa7w7HM/qbbXCJpxWkkjT
RNwGJDu8VwS6ahNrivp7Wn9GHFoXYVTVp+6NywGwqiNUvZLNgfSxsQeUihhVZeR9
tQGD2kv/jAWrvX1BPtHJl7ATQHiYLv9Wp/xBnRGXzlqVymMLq1Hc8OVvFKvNRQh8
D/t5gJNCHq3bU5ENHUasMgPDptkzKvO+6TQ3bBdYFOYR5GKiSzV7qvX9NU4doRPI
bF8wEEx9J2i8JhWUlhRgNgzIrDmmT4/KxtdelE038O0A3iAeh+lhzprZlX5mE2ax
JpF9DTBp9jho3Eu0KOK/0W9swsbPSVDVBdEMQhjvBcQH+Gg6iaNBWTUi3+SkY4s0
jViPQUFhM/Mg513S3QPVf+IWHIvp4Tdp3ZW/pNeejmWEof9ZL1SaJy+nD4Vv0RLe
x8iy587QMMFJuz1c5OYDCaOvF54mIqe53g18fL4CMb3GznxNRP7CIlpIjPyQLdTk
vKtTe9w3ckWZqdfCq75KceuoiG3minYrk+mUNs1cO4V8tj77WxYtlYrZ32F8qLcQ
DLRi4n7GHhiiyc6+jlhmXgBqFVfvQWyK+1mgeZR52hqNpUJ5LK9bSY0mX/ABETMo
1NeNHu6k24EH3UZ/EDvFcrlX/Di1S45yhBQ0fSOBBI3i71AvpfDm4BmZxk9bMXWO
CxmglghLoB+9tedzdk8z
=FRmT
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1986-1
October 01, 2013

nas vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Network Audio System (NAS).

Software Description:
- nas: Network Audio System

Details:

Hamid Zamani discovered multiple security issues in the Network Audio
System (NAS) server. An attacker could possibly use these issues to cause a
denial of service or execute arbitrary code. (CVE-2013-4256, CVE-2013-4257)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
nas 1.9.3-5ubuntu0.13.04.1

Ubuntu 12.10:
nas 1.9.3-5ubuntu0.12.10.1

Ubuntu 12.04 LTS:
nas 1.9.3-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1986-1
CVE-2013-4256, CVE-2013-4257

Package Information:
https://launchpad.net/ubuntu/+source/nas/1.9.3-5ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/nas/1.9.3-5ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nas/1.9.3-4ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)