[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051216124422.GA5087@piware.de>
Date: Fri Dec 16 12:44:33 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-230-2] ffmpeg/xine-lib vulnerability
===========================================================
Ubuntu Security Notice USN-230-2 December 16, 2005
xine-lib vulnerability
CVE-2005-4048
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libxine1
libxine1c2
The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu
5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard
system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.
For reference, this is the original advisory:
Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.dsc
Size/MD5: 950 0b0865913672df5c80783279f471bf66
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.diff.gz
Size/MD5: 222131 bf99e51c425cfdbac9b6c76e17504ed6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_i386.deb
Size/MD5: 101724 195cb67c660bc24a63991c3e69ec381e
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_i386.deb
Size/MD5: 3729248 596d1f0437b94625ab38770f1086a03e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_powerpc.deb
Size/MD5: 3886766 1635110e5c74867f1657aacf8ff0e09a
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_powerpc.deb
Size/MD5: 101728 e2960b0070421b8ef2be3f9ee40f6528
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_amd64.deb
Size/MD5: 3543532 82f8b13cd4cf2fc51f6d90a64ad214b4
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_amd64.deb
Size/MD5: 101722 0bb5d4a49d5f04f680dd1a38c5790191
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.diff.gz
Size/MD5: 4401 f6a606d82d9379f6bb6fdf4c0f9e4cb3
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.dsc
Size/MD5: 1070 1fae1b7df974523161bcc5e90bb47912
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_amd64.deb
Size/MD5: 106758 9ce395434edc4bbc07151e13cc018b93
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_amd64.deb
Size/MD5: 3567328 45842025ea2de6efdcb07276a78f03ed
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_i386.deb
Size/MD5: 106756 e3ed2f29ec5d37f37b238c5d43140bd9
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_i386.deb
Size/MD5: 3750250 8df1800276d5e9ba8710c726d511e331
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_powerpc.deb
Size/MD5: 106780 f3310108f59d253cc7c97a2ccdafce95
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_powerpc.deb
Size/MD5: 3925408 4801437ecc43845c7096d03c0e8a110d
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.diff.gz
Size/MD5: 9220 fa3727a5c30b96fa30214b74901f9b37
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.dsc
Size/MD5: 1186 b12c0731582c9ac6016af90a6758b222
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_amd64.deb
Size/MD5: 108796 fe4af1d1d64655076434bac4bd4e6121
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_amd64.deb
Size/MD5: 3610978 7fccf1da401ca96a9552b9ba54818919
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_i386.deb
Size/MD5: 108800 c2ee1c0f1f316bc2aea565fcdf085088
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_i386.deb
Size/MD5: 4003584 927c4619ca803b02b344d2b0f2fa7c80
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb
Size/MD5: 108814 8fc0d0ff3d7465e88158509aea0c6a89
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_powerpc.deb
Size/MD5: 3849320 edbcca0353f5da1a2e76e6d2fba85d92
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051216/93ae5d00/attachment.bin
Powered by blists - more mailing lists