USN-446-1: NAS vulnerabilities

Ubuntu Security Notice USN-446-1

28th March, 2007

nas vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10
  • Ubuntu 6.06 LTS
  • Ubuntu 5.10


Luigi Auriemma discovered multiple flaws in the Network Audio System
server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.
Note that default Ubuntu installs do not include the NAS server.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 6.10:
nas 1.8-2ubuntu0.1
Ubuntu 6.06 LTS:
nas 1.7-3ubuntu3.2
Ubuntu 5.10:
nas 1.7-2ubuntu2.1

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the
necessary changes.


CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547