lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051216124422.GA5087@piware.de>
Date: Fri, 16 Dec 2005 13:44:22 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-230-2] ffmpeg/xine-lib vulnerability

===========================================================
Ubuntu Security Notice USN-230-2	  December 16, 2005
xine-lib vulnerability
CVE-2005-4048
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libxine1
libxine1c2

The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu
5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.

For reference, this is the original advisory:

  Simon Kilvington discovered a buffer overflow in the
  avcodec_default_get_buffer() function of the ffmpeg library. By
  tricking an user into opening a malicious movie which contains
  specially crafted PNG images, this could be exploited to execute
  arbitrary code with the user's privileges.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.dsc
      Size/MD5:  950 0b0865913672df5c80783279f471bf66
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.diff.gz
      Size/MD5:  222131 bf99e51c425cfdbac9b6c76e17504ed6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_i386.deb
      Size/MD5:  101724 195cb67c660bc24a63991c3e69ec381e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_i386.deb
      Size/MD5:  3729248 596d1f0437b94625ab38770f1086a03e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_powerpc.deb
      Size/MD5:  3886766 1635110e5c74867f1657aacf8ff0e09a
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_powerpc.deb
      Size/MD5:  101728 e2960b0070421b8ef2be3f9ee40f6528

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_amd64.deb
      Size/MD5:  3543532 82f8b13cd4cf2fc51f6d90a64ad214b4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_amd64.deb
      Size/MD5:  101722 0bb5d4a49d5f04f680dd1a38c5790191

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.diff.gz
      Size/MD5:     4401 f6a606d82d9379f6bb6fdf4c0f9e4cb3
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.dsc
      Size/MD5:     1070 1fae1b7df974523161bcc5e90bb47912
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
      Size/MD5:  7384258 96e5195c366064e7778af44c3e71f43a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_amd64.deb
      Size/MD5:   106758 9ce395434edc4bbc07151e13cc018b93
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_amd64.deb
      Size/MD5:  3567328 45842025ea2de6efdcb07276a78f03ed

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_i386.deb
      Size/MD5:   106756 e3ed2f29ec5d37f37b238c5d43140bd9
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_i386.deb
      Size/MD5:  3750250 8df1800276d5e9ba8710c726d511e331

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_powerpc.deb
      Size/MD5:   106780 f3310108f59d253cc7c97a2ccdafce95
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_powerpc.deb
      Size/MD5:  3925408 4801437ecc43845c7096d03c0e8a110d

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.diff.gz
      Size/MD5:     9220 fa3727a5c30b96fa30214b74901f9b37
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.dsc
      Size/MD5:     1186 b12c0731582c9ac6016af90a6758b222
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_amd64.deb
      Size/MD5:   108796 fe4af1d1d64655076434bac4bd4e6121
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_amd64.deb
      Size/MD5:  3610978 7fccf1da401ca96a9552b9ba54818919

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_i386.deb
      Size/MD5:   108800 c2ee1c0f1f316bc2aea565fcdf085088
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_i386.deb
      Size/MD5:  4003584 927c4619ca803b02b344d2b0f2fa7c80

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb
      Size/MD5:   108814 8fc0d0ff3d7465e88158509aea0c6a89
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_powerpc.deb
      Size/MD5:  3849320 edbcca0353f5da1a2e76e6d2fba85d92

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ