
[SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1472-1                  security@xxxxxxxxxx
http://www.debian.org/security/                       Moritz Muehlenhoff
January 21, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xine-lib
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0225

Luigi Auriemma discovered that the Xine media player library performed
insufficient input sanitising during the handling of RTSP streams,
which could lead to the execution of arbitrary code.

For the unstable distribution (sid), this problem will be fixed soon.

For the testing distribution (lenny), this problem has been fixed in
version 1.1.8-3+lenny1.

For the stable distribution (etch), this problem has been fixed in
version 1.1.2+dfsg-5.

For the old stable distribution (sarge), this problem has been fixed
in version 1.0.1-1sarge6.


We recommend that you upgrade your xine-lib packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
    Size/MD5 checksum:  7774954 9be804b337c6c3a2e202c5a7237cb0f8
  
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge6.dsc
    Size/MD5 checksum:     1059 a71bea7e3fcfb743bdc7add1c3ad2c3a
  
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge6.diff.gz
    Size/MD5 checksum:     5983 cf5b621b9730754647d46865e85d1758

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_alpha.deb
    Size/MD5 checksum:   109438 5d603972a6236872f14a74f9be0fd911
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_alpha.deb
    Size/MD5 checksum:  4847618 e587d76aaaf2bd501b1d0e4f50b9d358

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_amd64.deb
    Size/MD5 checksum:   107932 2100c7187289b532dc2bbc875e1f700a
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_amd64.deb
    Size/MD5 checksum:  3933716 5f7e1e0f992550dcc8c9bf623c806a9e

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_arm.deb
    Size/MD5 checksum:   109156 8783e6a11aa3a4fa62dcd7c3a339a7cd
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_arm.deb
    Size/MD5 checksum:  3909402 a0f1f5d912777e5760f9d2e9651cfec9

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_hppa.deb
    Size/MD5 checksum:   107946 84641c7db3d69aad0f345ea55a8d38fa
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_hppa.deb
    Size/MD5 checksum:  3601216 287d6f69f8004dee50cfe91ebdd7cb66

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_i386.deb
    Size/MD5 checksum:  4206292 74a7995d0ddb11d42666e010884c97f0
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_i386.deb
    Size/MD5 checksum:   107922 f0970164861c2efd8ff11b2f38ebf566

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_ia64.deb
    Size/MD5 checksum:  5621688 7e2a07669537b34c6fee75ed6117dc47
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_ia64.deb
    Size/MD5 checksum:   107920 846cb9aa86dd57d444e7895112bf18cc

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_mips.deb
    Size/MD5 checksum:   107928 d7db55d769fce24e8b487bdfd24867f8
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_mips.deb
    Size/MD5 checksum:  4067220 c3115be001b9a93b4e02c65c3596f533

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_mipsel.deb
    Size/MD5 checksum:   107942 8517b34bfa23802386aa154a8c934c35
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_mipsel.deb
    Size/MD5 checksum:  4125962 431f6ebb4336d1c5a3bedbec05774fca

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_powerpc.deb
    Size/MD5 checksum:  4306036 300c1d2a63375c1b2317e1db53ae1024
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_powerpc.deb
    Size/MD5 checksum:   107934 cd7ab4c54c9c3d7c08fe02d21ba16999

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_s390.deb
    Size/MD5 checksum:   107918 6cc63a6ab1a7246fb5358f79edc9c65d
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_s390.deb
    Size/MD5 checksum:  3881412 f65dc8ea4d7301a8e7261ef678da8235

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_sparc.deb
    Size/MD5 checksum:   107942 75cc6e09083965531a69dee4c6ed7f3b
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_sparc.deb
    Size/MD5 checksum:  4361076 6486c5cd3f62018d223978ef7abc9c3c

Debian (4.0) stable
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-5.dsc
    Size/MD5 checksum:     1536 53abacfee8d02a781fe432ea093f61e9
  
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
    Size/MD5 checksum:  6716994 ae6525a76280a6e1979c3f4f89fd00f3
  
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-5.diff.gz
    Size/MD5 checksum:    21827 0e4830926b4339d3d2f0887636cc8267

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_alpha.deb
    Size/MD5 checksum:  3413920 e4052239ba58a4350bf81536fc28917a
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_alpha.deb
    Size/MD5 checksum:  3670428 85d64f9da9bc3a5e26dd3643482ebc8b
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_alpha.deb
    Size/MD5 checksum:   118038 56925157d3eff3a5f43e6bc3872dbd06

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_amd64.deb
    Size/MD5 checksum:  3663402 0dfc07199420e1378c1033728211292d
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_amd64.deb
    Size/MD5 checksum:  3066526 a2641e4c808259c97196346e6a901a5e
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_amd64.deb
    Size/MD5 checksum:   118242 7a49e5eebc21c185835b00ba48515b20

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_arm.deb
    Size/MD5 checksum:  2957806 14001daac9e466f3b66925e1dedd2b81
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_arm.deb
    Size/MD5 checksum:   118270 944bc8b0cc0883c80cf0c67964efb268
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_arm.deb
    Size/MD5 checksum:  2666832 535462048ce02252a6be24856119849c

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_hppa.deb
    Size/MD5 checksum:  3207076 0fe81105d2fed6964caf4749cc8c769b
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_hppa.deb
    Size/MD5 checksum:   116946 44f779698a4cdf54d7265b25834c2796
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_hppa.deb
    Size/MD5 checksum:  2680760 f6b3a38ac446df3e8593eddeb38d0a55

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_i386.deb
    Size/MD5 checksum:  3317848 548e061fb9a63d54fdc19ca022e2bfa8
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_i386.deb
    Size/MD5 checksum:   116932 7e7561bb3b9913127c4c147688d6b115
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_i386.deb
    Size/MD5 checksum:  3957048 51c0c12f085d80f1b7da7090e5a6270d

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_ia64.deb
    Size/MD5 checksum:  2682782 e17d6e904bd005de4ec817dbecc3bb44
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_ia64.deb
    Size/MD5 checksum:  3763924 f49cdc4340b535c032ad35456e54628e
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_ia64.deb
    Size/MD5 checksum:   116936 c718d7df74a304e607559643cb50845e

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_mips.deb
    Size/MD5 checksum:  2837566 c194eb56aed74ad9f3965b77946613b4
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_mips.deb
    Size/MD5 checksum:   116944 701f83fbbd484885c3727e428e273a6e
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_mips.deb
    Size/MD5 checksum:  3019196 9bf39c3bf2c34406bacc0d32705c2b0b

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_mipsel.deb
    Size/MD5 checksum:   116954 d253ddd5c17a8148622aadfaf7d59904
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_mipsel.deb
    Size/MD5 checksum:  3016036 ec28cd9ca4ca029cb469e67a695cc130
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_mipsel.deb
    Size/MD5 checksum:  2787232 78c79cf8cae67f4bf19ffe7ba9617a5a

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_powerpc.deb
    Size/MD5 checksum:  3719092 eef3e1b13623cf1fe5a1aa211106048a
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_powerpc.deb
    Size/MD5 checksum:   116956 fb9a69a74bc85f1f81e98db5731e1575
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_powerpc.deb
    Size/MD5 checksum:  3208680 77a72ca13dfb1021838d463125ba3008

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_s390.deb
    Size/MD5 checksum:   116940 9e1ea979ae856864d64d0f21e7fab9cb
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_s390.deb
    Size/MD5 checksum:  3171170 719c84080d547d78c36046122d13ebdc
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_s390.deb
    Size/MD5 checksum:  2717060 6956c86410e02f958473a8b9610f0085

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_sparc.deb
    Size/MD5 checksum:   116960 cc8b428a478a3196e33fa0266206493e
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_sparc.deb
    Size/MD5 checksum:  3023954 ba3ebaaba619198d8d57d423248c2ae0
  
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_sparc.deb
    Size/MD5 checksum:  3368104 6a7d01bdf85a8836da0ce8faef5c9969


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHlOO7Xm3vHE4uyloRAh3aAJ91WI7v4GgZRFJvBa7kP6Dh7jyWNQCfVkSw
5Cfk/q+bRPKYvsx80kZTa2Q=
=Yjdp
-----END PGP SIGNATURE-----