lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060712155632.GG5570@piware.de>
Date: Wed Jul 12 16:55:56 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-315-1] libmms, xine-lib vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-315-1              July 12, 2006
libmms, xine-lib vulnerabilities
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libxine1                                 1.0-1ubuntu3.8

Ubuntu 5.10:
  libmms0                                  0.1-0ubuntu1.2
  libxine1c2                               1.0.1-1ubuntu10.4

Ubuntu 6.06 LTS:
  libxine-main1                            1.1.1+ubuntu2-7.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Matthias Hopf discovered several buffer overflows in libmms. By
tricking a user into opening a specially crafted remote multimedia
stream with an application using libmms, a remote attacker could
exploit this to execute arbitrary code with the user's privileges.

The Xine library contains an embedded copy of libmms, and thus needs
the same security update.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.8.diff.gz
      Size/MD5:     5811 6a41fae784ef1516888d20a8ec08c663
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.8.dsc
      Size/MD5:     1070 9880832522e9ec56d035abe93b4e2471
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
      Size/MD5:  7384258 96e5195c366064e7778af44c3e71f43a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.8_amd64.deb
      Size/MD5:   106922 2b8375b1f380d86fcf366a18d1f3b902
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.8_amd64.deb
      Size/MD5:  3567630 d752e90e7d26650aea95d367dcf84790

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.8_i386.deb
      Size/MD5:   106932 d95e46c206ca84e80a98e01ad404ef71
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.8_i386.deb
      Size/MD5:  3750548 743fae494abdd778263762de0100a7c9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.8_powerpc.deb
      Size/MD5:   106944 2719a6a92c6e4cbbbd884ecdbfe7122e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.8_powerpc.deb
      Size/MD5:  3925764 979cd9f6ba73ae35cdce5a965f3068a9

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms_0.1-0ubuntu1.2.diff.gz
      Size/MD5:     5750 26bc4a3aa10f4c803fa97f9544ecd0bc
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms_0.1-0ubuntu1.2.dsc
      Size/MD5:      607 592210915bc702a6d9e94ecfe0711fa7
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms_0.1.orig.tar.gz
      Size/MD5:   317089 ebd88537af9875265e41ee65603ecd1a
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.4.diff.gz
      Size/MD5:    10600 1e73a41d99fb1fb4b2eddb43895caeac
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.4.dsc
      Size/MD5:     1189 9f04d287f5ba301eaf6fd2f9e066e3ae
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.2_amd64.deb
      Size/MD5:    19984 21d4c0a07f60aeb1550f198722d9ec99
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.2_amd64.deb
      Size/MD5:    16360 bf82acc8e708dbf4605fb6be016e0e40
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.4_amd64.deb
      Size/MD5:   108948 92beceb19f7806a47992ca8d6fcb5c9c
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.4_amd64.deb
      Size/MD5:  3611402 24bcea7ae2e5a4b5776213fd551851f8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.2_i386.deb
      Size/MD5:    18312 bbe36a4ac6b616c24be2c7417a44bf26
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.2_i386.deb
      Size/MD5:    15116 0ed843f14b406370a7a2426ba5c8f459
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.4_i386.deb
      Size/MD5:   108956 2c9357c05d883747cb7c1c8218e7a257
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.4_i386.deb
      Size/MD5:  4004566 a6eadc42261b15feb9aaaf9a516edaca

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.2_powerpc.deb
      Size/MD5:    20550 88be072a4d9968f6a758d20fba33fb81
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.2_powerpc.deb
      Size/MD5:    18054 ecafbce4e2a05da7adacd1b8a716f614
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.4_powerpc.deb
      Size/MD5:   108966 d29c1cdfad3738f47441a25be906f7b3
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.4_powerpc.deb
      Size/MD5:  3849922 360cf1cbe7d3188a64c371734b2e1f73

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.2_sparc.deb
      Size/MD5:    20194 d4a2b3a78581779856656d9d0613d7bd
    http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.2_sparc.deb
      Size/MD5:    16508 9c210d92de01363a6ea9e37f5728f7a9
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.4_sparc.deb
      Size/MD5:   108972 e28a162c5dc38955bea35bdf69101d08
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.4_sparc.deb
      Size/MD5:  3695506 e0113a7af33228a79f4f1439f7ec9c3d

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.2.diff.gz
      Size/MD5:    18634 6ac5ed28ef6bec0091a5febc5e40db8a
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.2.dsc
      Size/MD5:     1115 8d62a6c7dc5904bb75c013b07864203d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
      Size/MD5:  6099365 5d0f3988e4d95f6af6f3caf2130ee992

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.2_amd64.deb
      Size/MD5:   115520 4a424ffcb5eb8e99f1f4656e5a68f980
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.2_amd64.deb
      Size/MD5:  2614906 607d5b21edde0264b69edf200f6221a4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.2_i386.deb
      Size/MD5:   115526 a151a6d291e2cbc73245b7c6d0c9ca8e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.2_i386.deb
      Size/MD5:  2933994 a6d1202077f5df87ddde0492fb782945

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.2_powerpc.deb
      Size/MD5:   115532 ab63a178081fc483865a96129fc14351
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.2_powerpc.deb
      Size/MD5:  2724624 1f29b24069707f1bc2c6b3fad7bfa92e

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.2_sparc.deb
      Size/MD5:   115536 5713fb50b7d4b6cdc0e8ee83855e22f8
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.2_sparc.deb
      Size/MD5:  2591402 8bcbbf3ca6e56a52274126cab5e3c846

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060712/ae093f01/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ