lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061204220210.GI3984@outflux.net>
Date: Mon, 4 Dec 2006 14:02:10 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-392-1] xine-lib vulnerability

=========================================================== 
Ubuntu Security Notice USN-392-1          December 04, 2006
xine-lib vulnerability
CVE-2006-6172
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libxine1c2                               1.0.1-1ubuntu10.7

Ubuntu 6.06 LTS:
  libxine-main1                            1.1.1+ubuntu2-7.5

Ubuntu 6.10:
  libxine1                                 1.1.2+repacked1-0ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in the Real Media input plugin in 
xine-lib.  If a user were tricked into loading a specially crafted 
stream from a malicious server, the attacker could execute arbitrary 
code with the user's privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.diff.gz
      Size/MD5:    11946 ea5e6e40994f219ea88ee46def12b536
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.dsc
      Size/MD5:     1187 2a4db66f12bce54bfa453e49c4cec531
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_amd64.deb
      Size/MD5:   109216 0130ccfcc467dfd0bd25886db806c377
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_amd64.deb
      Size/MD5:  3611828 233e2ab263ec680c67b794d0689d27ee

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_i386.deb
      Size/MD5:   109210 f2a3fdf298acaa78b74bec58a7090d53
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_i386.deb
      Size/MD5:  4005142 576a8b340ba09c9241a018ab46cf44e4

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_powerpc.deb
      Size/MD5:   109230 2719c275e06f4215d7f1b36900ca6411
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_powerpc.deb
      Size/MD5:  3850402 ff0041a720565876bce10d7a250c1469

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_sparc.deb
      Size/MD5:   109224 b628e6801a7c0def40d01234a547b07e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_sparc.deb
      Size/MD5:  3695786 55a326fd10cc11aed4bdf090b4fdb3fb

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.diff.gz
      Size/MD5:    19624 bc3bcd25cd87d3acc5cc5b0d2491944c
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.dsc
      Size/MD5:     1113 f5cf8751705551296683836d779341f1
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
      Size/MD5:  6099365 5d0f3988e4d95f6af6f3caf2130ee992

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_amd64.deb
      Size/MD5:   115738 773156901500dd6cdc71738a04545704
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_amd64.deb
      Size/MD5:  2615152 023384da81522f625b2f774b9dc66ea8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_i386.deb
      Size/MD5:   115744 2690e4f3c56f99d984da7ca0d1bf684c
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_i386.deb
      Size/MD5:  2934258 1e93778bed32747a3b2cffe2b4d641b7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_powerpc.deb
      Size/MD5:   115746 8f9e092f5ef63abc10e23dc4b611f965
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_powerpc.deb
      Size/MD5:  2724898 f144069c4a0f87595b432c8911a1948a

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_sparc.deb
      Size/MD5:   115746 c4c2748bc59648ebd54764339eb01801
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_sparc.deb
      Size/MD5:  2591670 6fb14b10541e18b84757888994abcfc4

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.diff.gz
      Size/MD5:    71320 7cd3d7f480eb049e33e6c98bd12dcf53
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.dsc
      Size/MD5:     1445 cc9290432a85b3b4a4f189b264f71083
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1.orig.tar.gz
      Size/MD5:  4583422 9c05a6397838e4e2e9c419e898e4b930

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine-main1_1.1.2+repacked1-0ubuntu3.2_all.deb
      Size/MD5:    38946 8120c98e3303e118da3bcc72b17c3555

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_amd64.deb
      Size/MD5:   118880 d255df065d3f0a4dfdb41fd052002c1b
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_amd64.deb
      Size/MD5:  3442784 3a397cd06f001294e87c8a643224e01d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_amd64.deb
      Size/MD5:  2914488 a214c7af8d360dfd2c198e6ae1213956

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_i386.deb
      Size/MD5:   118874 c9314715a8361ffc0046e981abc49172
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_i386.deb
      Size/MD5:  3771764 7e3a534a4ea98ac065dec40376dcc520
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_i386.deb
      Size/MD5:  3221924 b86497b00c1b4cbad1889aa102ffb779

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
      Size/MD5:   118888 822c79d2879d62a3119dd5a37bda2df4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
      Size/MD5:  3469392 65d938ff9c114b436f9bb2df81da2a9f
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
      Size/MD5:  3043066 280e1c942fb7ee3a66117342f848bcb2

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_sparc.deb
      Size/MD5:   118888 1b3224f90d39958a411b23c841d788bb
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_sparc.deb
      Size/MD5:  3136330 10a0a1e2261b098fc597c51307a596d9
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_sparc.deb
      Size/MD5:  2856892 9ba9c8b97177549067dd73631c49430c

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ