Amarok media player update fixes vulnerabilities
Amarok 2.0.11, the free media player for Linux, Unix and Mac OS X and Windows, has been released. The new version fixes several vulnerabilities and has a number of small improvements. According to a report by Tobais Klein, the vulnerabilities are two integer overflows and two null pointer dereferences when parsing Audible format (.AAS) files.
Klein reports that the vulnerabilities can cause the player to crash and may allow for code to be executed. The Amarok developers recommend that users upgrade to the new version as soon as possible.
Improvements in the update include the ability to delete multiple tracks from MTP devices, Growl support on Mac OS X and a return of track queuing. There are also a number of bug fixes in the update, which are detailed in the release notes.
- Amarok Integer Overflow and Unchecked Allocation Vulnerabilities, advisory from Tobais Klein