lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060609104643.GE5115@piware.de>
Date: Fri, 9 Jun 2006 12:46:43 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-295-1] xine-lib vulnerability

=========================================================== 
Ubuntu Security Notice USN-295-1              June 09, 2006
xine-lib vulnerability
CVE-2006-2802
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libxine1                       1.0-1ubuntu3.7

Ubuntu 5.10:
  libxine1c2                     1.0.1-1ubuntu10.3

Ubuntu 6.06 LTS:
  libxine-main1                  1.1.1+ubuntu2-7.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking an user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.diff.gz
      Size/MD5:     4636 5cc6919bd457df6beae53e9a84e9e503
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.dsc
      Size/MD5:     1070 1a862dac447d52ecfb8bcdcbb24cf5de
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
      Size/MD5:  7384258 96e5195c366064e7778af44c3e71f43a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_amd64.deb
      Size/MD5:   106846 edbbcd4d032bb0e3ff692ac7138fe2fb
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_amd64.deb
      Size/MD5:  3567510 0d1ba9ac491e5482d82acb2f776f21bb

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_i386.deb
      Size/MD5:   106822 86c3f51b3200996f96131c8c53c67506
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_i386.deb
      Size/MD5:  3750458 eff585a1e98695ae4146cd97c7560fcf

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_powerpc.deb
      Size/MD5:   106850 9097246c8357d5a04139bcee0ddbb7b8
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_powerpc.deb
      Size/MD5:  3925536 8d2576a78270fb2806a18e011a18921a

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.diff.gz
      Size/MD5:     9453 2a3b01a6d858e8623a89e5cce831d392
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.dsc
      Size/MD5:     1186 47fb3762575e25d037c3e6ba2d3d6744
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_amd64.deb
      Size/MD5:   108858 8081b6beb283dfefeda7aa0a81d5008e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_amd64.deb
      Size/MD5:  3611122 99e0979785b3c7c7001d33ddd5e8bb96

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_i386.deb
      Size/MD5:   108864 7dfd068cc168dcc55993d70277901b3d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_i386.deb
      Size/MD5:  4004210 156188682cd24dbfa922b94d66d2dd63

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_powerpc.deb
      Size/MD5:   108866 1489e831ed6bb874756e0f2f4a44ecca
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_powerpc.deb
      Size/MD5:  3849668 6fdbbe888f1c7ee821af81e16352d61b

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.diff.gz
      Size/MD5:    17494 e751ca0a9c5b41b7c4027bef6ace5c06
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.dsc
      Size/MD5:     1115 6bce2e7e1451f9466a8b18592622257b
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
      Size/MD5:  6099365 5d0f3988e4d95f6af6f3caf2130ee992

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_amd64.deb
      Size/MD5:   115446 eb614aa1d1e7c0233edd761caf964102
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_amd64.deb
      Size/MD5:  2614692 52e2b9167da0175dc15432ca3cdf6838

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_i386.deb
      Size/MD5:   115424 f1339e03fa540de1824dc930d8e30bf8
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_i386.deb
      Size/MD5:  2933916 9868711b9c0dfddc8e91bdf5a28dd223

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_powerpc.deb
      Size/MD5:   115436 e54d0fff77fb6fb9c7f9cbc5454d2c36
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_powerpc.deb
      Size/MD5:  2724444 294c1ac85f65238d39695fe77ccb38cc


Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ