[USN-295-1] xine-lib vulnerability

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-295-1] xine-lib vulnerability
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 12:46:43 +0200
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.11

=========================================================== 
Ubuntu Security Notice USN-295-1              June 09, 2006
xine-lib vulnerability
CVE-2006-2802
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libxine1                       1.0-1ubuntu3.7

Ubuntu 5.10:
  libxine1c2                     1.0.1-1ubuntu10.3

Ubuntu 6.06 LTS:
  libxine-main1                  1.1.1+ubuntu2-7.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking an user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.diff.gz
      Size/MD5:     4636 5cc6919bd457df6beae53e9a84e9e503
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.dsc
      Size/MD5:     1070 1a862dac447d52ecfb8bcdcbb24cf5de
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
      Size/MD5:  7384258 96e5195c366064e7778af44c3e71f43a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_amd64.deb
      Size/MD5:   106846 edbbcd4d032bb0e3ff692ac7138fe2fb
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_amd64.deb
      Size/MD5:  3567510 0d1ba9ac491e5482d82acb2f776f21bb

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_i386.deb
      Size/MD5:   106822 86c3f51b3200996f96131c8c53c67506
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_i386.deb
      Size/MD5:  3750458 eff585a1e98695ae4146cd97c7560fcf

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_powerpc.deb
      Size/MD5:   106850 9097246c8357d5a04139bcee0ddbb7b8
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_powerpc.deb
      Size/MD5:  3925536 8d2576a78270fb2806a18e011a18921a

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.diff.gz
      Size/MD5:     9453 2a3b01a6d858e8623a89e5cce831d392
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.dsc
      Size/MD5:     1186 47fb3762575e25d037c3e6ba2d3d6744
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_amd64.deb
      Size/MD5:   108858 8081b6beb283dfefeda7aa0a81d5008e
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_amd64.deb
      Size/MD5:  3611122 99e0979785b3c7c7001d33ddd5e8bb96

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_i386.deb
      Size/MD5:   108864 7dfd068cc168dcc55993d70277901b3d
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_i386.deb
      Size/MD5:  4004210 156188682cd24dbfa922b94d66d2dd63

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_powerpc.deb
      Size/MD5:   108866 1489e831ed6bb874756e0f2f4a44ecca
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_powerpc.deb
      Size/MD5:  3849668 6fdbbe888f1c7ee821af81e16352d61b

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.diff.gz
      Size/MD5:    17494 e751ca0a9c5b41b7c4027bef6ace5c06
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.dsc
      Size/MD5:     1115 6bce2e7e1451f9466a8b18592622257b
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
      Size/MD5:  6099365 5d0f3988e4d95f6af6f3caf2130ee992

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_amd64.deb
      Size/MD5:   115446 eb614aa1d1e7c0233edd761caf964102
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_amd64.deb
      Size/MD5:  2614692 52e2b9167da0175dc15432ca3cdf6838

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_i386.deb
      Size/MD5:   115424 f1339e03fa540de1824dc930d8e30bf8
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_i386.deb
      Size/MD5:  2933916 9868711b9c0dfddc8e91bdf5a28dd223

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_powerpc.deb
      Size/MD5:   115436 e54d0fff77fb6fb9c7f9cbc5454d2c36
    
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_powerpc.deb
      Size/MD5:  2724444 294c1ac85f65238d39695fe77ccb38cc

Attachment: signature.asc
Description: Digital signature

Prev by Date: SSL VPNs and security
Next by Date: Re: SSL VPNs and security
Previous by thread: Re: SSL VPNs and security
Next by thread: [USN-294-1] courier vulnerability
Index(es):
- Date
- Thread