Message-ID: <20060712155632.GG5570@piware.de>
Date: Wed, 12 Jul 2006 17:56:32 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-315-1] libmms, xine-lib vulnerabilities
===========================================================
Ubuntu Security Notice USN-315-1 July 12, 2006
libmms, xine-lib vulnerabilities
===========================================================
A security issue affects the following Ubuntu releases:

  Ubuntu 5.04
  Ubuntu 5.10
  Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libxine1 1.0-1ubuntu3.8

Ubuntu 5.10:
  libmms0 0.1-0ubuntu1.2
  libxine1c2 1.0.1-1ubuntu10.4

Ubuntu 6.06 LTS:
  libxine-main1 1.1.1+ubuntu2-7.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Matthias Hopf discovered several buffer overflows in libmms. By
tricking a user into opening a specially crafted remote multimedia
stream with an application using libmms, a remote attacker could
exploit this to execute arbitrary code with the user's privileges.

The Xine library contains an embedded copy of libmms, and thus needs
the same security update.