USN-446-1: NAS vulnerabilities

28 March 2007

NAS vulnerabilities

Releases

Details

Luigi Auriemma discovered multiple flaws in the Network Audio System
server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.
Note that default Ubuntu installs do not include the NAS server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
  • nas - 1.8-2ubuntu0.1
Ubuntu 6.06
  • nas - 1.7-3ubuntu3.2
Ubuntu 5.10
  • nas - 1.7-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.