=========================================================== Ubuntu Security Notice USN-295-1 June 09, 2006 xine-lib vulnerability CVE-2006-2802 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libxine1 1.0-1ubuntu3.7 Ubuntu 5.10: libxine1c2 1.0.1-1ubuntu10.3 Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.1 In general, a standard system upgrade is sufficient to effect the necessary changes. XXX OR XXX After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user's privileges. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.diff.gz Size/MD5: 4636 5cc6919bd457df6beae53e9a84e9e503 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.dsc Size/MD5: 1070 1a862dac447d52ecfb8bcdcbb24cf5de http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_amd64.deb Size/MD5: 106846 edbbcd4d032bb0e3ff692ac7138fe2fb http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_amd64.deb Size/MD5: 3567510 0d1ba9ac491e5482d82acb2f776f21bb i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_i386.deb Size/MD5: 106822 86c3f51b3200996f96131c8c53c67506 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_i386.deb Size/MD5: 3750458 eff585a1e98695ae4146cd97c7560fcf powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_powerpc.deb Size/MD5: 106850 9097246c8357d5a04139bcee0ddbb7b8 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_powerpc.deb Size/MD5: 3925536 8d2576a78270fb2806a18e011a18921a Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.diff.gz Size/MD5: 9453 2a3b01a6d858e8623a89e5cce831d392 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.dsc Size/MD5: 1186 47fb3762575e25d037c3e6ba2d3d6744 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_amd64.deb Size/MD5: 108858 8081b6beb283dfefeda7aa0a81d5008e http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_amd64.deb Size/MD5: 3611122 99e0979785b3c7c7001d33ddd5e8bb96 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_i386.deb Size/MD5: 108864 7dfd068cc168dcc55993d70277901b3d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_i386.deb Size/MD5: 4004210 156188682cd24dbfa922b94d66d2dd63 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_powerpc.deb Size/MD5: 108866 1489e831ed6bb874756e0f2f4a44ecca http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_powerpc.deb Size/MD5: 3849668 6fdbbe888f1c7ee821af81e16352d61b Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.diff.gz Size/MD5: 17494 e751ca0a9c5b41b7c4027bef6ace5c06 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.dsc Size/MD5: 1115 6bce2e7e1451f9466a8b18592622257b http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz Size/MD5: 6099365 5d0f3988e4d95f6af6f3caf2130ee992 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_amd64.deb Size/MD5: 115446 eb614aa1d1e7c0233edd761caf964102 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_amd64.deb Size/MD5: 2614692 52e2b9167da0175dc15432ca3cdf6838 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_i386.deb Size/MD5: 115424 f1339e03fa540de1824dc930d8e30bf8 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_i386.deb Size/MD5: 2933916 9868711b9c0dfddc8e91bdf5a28dd223 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_powerpc.deb Size/MD5: 115436 e54d0fff77fb6fb9c7f9cbc5454d2c36 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_powerpc.deb Size/MD5: 2724444 294c1ac85f65238d39695fe77ccb38cc
Attachment:
signature.asc
Description: Digital signature