lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080508220215.GO9973@severus.strandboge.com>
Date: Thu, 8 May 2008 18:02:15 -0400
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-611-3] GStreamer Good Plugins vulnerability

=========================================================== 
Ubuntu Security Notice USN-611-3               May 08, 2008
gst-plugins-good0.10 vulnerability
CVE-2008-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gstreamer0.10-plugins-good      0.10.3-0ubuntu4.1

Ubuntu 7.04:
  gstreamer0.10-plugins-good      0.10.5-1ubuntu2.1

Ubuntu 7.10:
  gstreamer0.10-plugins-good      0.10.6-0ubuntu4.1

Ubuntu 8.04 LTS:
  gstreamer0.10-plugins-good      0.10.7-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for GStreamer Good Plugins.

Original advisory details:

 It was discovered that Speex did not properly validate its input when
 processing Speex file headers. If a user or automated system were
 tricked into opening a specially crafted Speex file, an attacker could
 create a denial of service in applications linked against Speex or
 possibly execute arbitrary code as the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.3-0ubuntu4.1.diff.gz
      Size/MD5:    26587 c28ee0b276b139cd95e08219eae0dfdd
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.3-0ubuntu4.1.dsc
      Size/MD5:     1463 45c1fd3b8ce3651c4abad741ef80f6c1
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.3.orig.tar.gz
      Size/MD5:  1782808 bfac20228cf6e9317a371a5f36feb8ae

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.3-0ubuntu4.1_all.deb
      Size/MD5:    75038 76c0d219af78c0581ddb03f6b6f16288

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_amd64.deb
      Size/MD5:    32904 258a2047bf718e6e2c4a8ed9156c7352
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_amd64.deb
      Size/MD5:  1670156 6a5b2fa48033860308edcb371f58f683
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_amd64.deb
      Size/MD5:   643072 0eebc1c15a8bf2b568aa946d91b76481

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_i386.deb
      Size/MD5:    32292 8196fe571b62164caf93daf94c5fd4f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_i386.deb
      Size/MD5:  1523910 634e36dba05f1713cb2faaf393045af2
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_i386.deb
      Size/MD5:   576984 bd0da0cc976240889a2f87f13cf92a62

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_powerpc.deb
      Size/MD5:    34552 8aae4fe1ead8f621db226cebf49e4356
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_powerpc.deb
      Size/MD5:  1705072 7e123a29b809facd93b51cbecaff0343
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_powerpc.deb
      Size/MD5:   699600 e99fbd684d1ae78030f328d32d20a8d8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_sparc.deb
      Size/MD5:    32796 bff921c3ce7989d620a8459e45969421
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_sparc.deb
      Size/MD5:  1546334 a66846506ae701840f9b300d76c83168
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_sparc.deb
      Size/MD5:   618960 8a763568d01e8e8550142cc9f79d6938

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.5-1ubuntu2.1.diff.gz
      Size/MD5:    21340 f01a982544378a6c557c047bb77ab244
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.5-1ubuntu2.1.dsc
      Size/MD5:     1633 fe155ca188fa0b07447acd299cfd5ac3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.5.orig.tar.gz
      Size/MD5:  2070821 c28c334037d73dd79efd7550fe3e6001

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.5-1ubuntu2.1_all.deb
      Size/MD5:    95388 93f35bb9206ff4ea33950f221d08e0e0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_amd64.deb
      Size/MD5:    38132 9c03502fddae3db99c0d782a51ea9bcf
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_amd64.deb
      Size/MD5:  1937856 82eecb005419b8eefae5d7daeaca83e9
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_amd64.deb
      Size/MD5:   725752 4ef7781a8cce07669fed638678e5edf2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_i386.deb
      Size/MD5:    37906 b323df18724846d81da4f55afc65a4d2
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_i386.deb
      Size/MD5:  1837014 df4818adf02517cd50f483a0c8ac63f1
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_i386.deb
      Size/MD5:   676274 21e5abb6fa53b82ce49533ef41fd8b8c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_powerpc.deb
      Size/MD5:    38886 3198a0d9789c6a2b31741477423a64c6
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_powerpc.deb
      Size/MD5:  1955710 4dbf717c9342620e141caf375115c6d9
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_powerpc.deb
      Size/MD5:   767834 b693df406bc38f521ef824829b117457

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_sparc.deb
      Size/MD5:    38102 296bccc5ee42f283fef5d8e69a56b7c3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_sparc.deb
      Size/MD5:  1822102 c2b7fa56757d93940ce519338f5a9528
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_sparc.deb
      Size/MD5:   702034 26f832b931d99c939692da1d6c815832

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6-0ubuntu4.1.diff.gz
      Size/MD5:    66980 83755cd8268384715d4e79c0dadad0c3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6-0ubuntu4.1.dsc
      Size/MD5:     1735 0aec0c6b155f8abe72e53661aa085918
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6.orig.tar.gz
      Size/MD5:  2414361 8cae6351d3b5739104fbc9822eedff79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.6-0ubuntu4.1_all.deb
      Size/MD5:   108484 c32d287c32fe20320d72e85baad6cda7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_amd64.deb
      Size/MD5:    41398 fbcd8aad68b3f09ad059d826dda71bf3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_amd64.deb
      Size/MD5:  2275126 7db2247b64e5450eb6d621bb1e032441
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_amd64.deb
      Size/MD5:   887380 7218d3007ee4276c5ca1d6188d76587f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_i386.deb
      Size/MD5:    41032 02fc3bb4a14c8e65ac352ca8603188e7
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_i386.deb
      Size/MD5:  2191236 5e63077c66c8c31e870a937fb4328e76
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_i386.deb
      Size/MD5:   831112 0edc092d8ade9d24f13a6f8a047c98ce

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_lpia.deb
      Size/MD5:    40858 e91f1b91cc525dcabe042ff44f630688
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_lpia.deb
      Size/MD5:  2280944 cf5e2e599f6ccfc620102e13944fddb9
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_lpia.deb
      Size/MD5:   814556 f09b29051e35370dd6d4bb700e571250

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_powerpc.deb
      Size/MD5:    42100 618d4e53fed3b843887f32193118b294
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_powerpc.deb
      Size/MD5:  2316016 1e34b945d00bc9071dbafceb4452e6e9
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_powerpc.deb
      Size/MD5:   940724 b3696538b218ab60d1a3c22fa54b3543

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_sparc.deb
      Size/MD5:    41290 9e057a7a98aab9756649a40cf26038c5
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_sparc.deb
      Size/MD5:  2158886 7f9ca30293540d08026cfd66ed1cc8a5
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_sparc.deb
      Size/MD5:   869388 85474c31b8d1f128f5077210023ec22b

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7-3ubuntu0.1.diff.gz
      Size/MD5:    26063 f789d0115e0cc19453e3d096cb383c52
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7-3ubuntu0.1.dsc
      Size/MD5:     2069 4862dac7936f34756a2edab1cfe00e53
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7.orig.tar.gz
      Size/MD5:  2679804 2832ded1d6be0356d77689b6ca1b5f83

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.7-3ubuntu0.1_all.deb
      Size/MD5:   149968 c265e6c51796688a384c8f1ef881f93d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_amd64.deb
      Size/MD5:    44998 93620f1b2476459723abdcb840615d6a
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_amd64.deb
      Size/MD5:  2409630 cfd69cd30e697fdb8fbfeb5285f23989
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_amd64.deb
      Size/MD5:   932962 18d7dadedb46d3364e7cb362c2485017

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_i386.deb
      Size/MD5:    44684 9889cb9ea0330e0c6d2afbf37814881b
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_i386.deb
      Size/MD5:  2314338 8a73f849bf62c6619d37816918a7865c
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_i386.deb
      Size/MD5:   873074 846a215cad96a4a9c50b3a28f4451572

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_lpia.deb
      Size/MD5:    44500 84aa4a81f6266bd0eaaaca92231898ec
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_lpia.deb
      Size/MD5:  2344148 9c316ad9c0b5eb43387e121e3bd89fdf
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_lpia.deb
      Size/MD5:   859876 d4986caefbd02b780e5eb31ae1f9dc22

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_powerpc.deb
      Size/MD5:    45640 8de3e87763017b90424f0bf348c7b623
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_powerpc.deb
      Size/MD5:  2441410 f25046e5fe500ed03cfaa3cd683b2760
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_powerpc.deb
      Size/MD5:   991944 65b7cc2d20583221910e2cd4bdfab873

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_sparc.deb
      Size/MD5:    44714 5ab724f2993b9aee9e40145bb710cfe5
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_sparc.deb
      Size/MD5:  2280982 9bda887a2ac622b11a5a5bdb39a3f31d
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_sparc.deb
      Size/MD5:   904902 1d227c55e7cff2ffb678c65c1e9a09c0



Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ