===========================================================
Ubuntu Security Notice USN-435-1             March 12, 2007
xine-lib vulnerability
CVE-2007-1387
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libxine1c2       1.0.1-1ubuntu10.9

Ubuntu 6.06 LTS:
  libxine-main1    1.1.1+ubuntu2-7.7

Ubuntu 6.10:
  libxine1         1.1.2+repacked1-0ubuntu3.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a
user into opening a specially crafted media file, an attacker could
execute arbitrary code with the user's privileges.