[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061204220210.GI3984@outflux.net>
Date: Mon, 4 Dec 2006 14:02:10 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-392-1] xine-lib vulnerability
===========================================================
Ubuntu Security Notice USN-392-1 December 04, 2006
xine-lib vulnerability
CVE-2006-6172
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libxine1c2 1.0.1-1ubuntu10.7
Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.5
Ubuntu 6.10:
libxine1 1.1.2+repacked1-0ubuntu3.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A buffer overflow was discovered in the Real Media input plugin in
xine-lib. If a user were tricked into loading a specially crafted
stream from a malicious server, the attacker could execute arbitrary
code with the user's privileges.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.diff.gz
Size/MD5: 11946 ea5e6e40994f219ea88ee46def12b536
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.dsc
Size/MD5: 1187 2a4db66f12bce54bfa453e49c4cec531
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_amd64.deb
Size/MD5: 109216 0130ccfcc467dfd0bd25886db806c377
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_amd64.deb
Size/MD5: 3611828 233e2ab263ec680c67b794d0689d27ee
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_i386.deb
Size/MD5: 109210 f2a3fdf298acaa78b74bec58a7090d53
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_i386.deb
Size/MD5: 4005142 576a8b340ba09c9241a018ab46cf44e4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_powerpc.deb
Size/MD5: 109230 2719c275e06f4215d7f1b36900ca6411
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_powerpc.deb
Size/MD5: 3850402 ff0041a720565876bce10d7a250c1469
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_sparc.deb
Size/MD5: 109224 b628e6801a7c0def40d01234a547b07e
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_sparc.deb
Size/MD5: 3695786 55a326fd10cc11aed4bdf090b4fdb3fb
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.diff.gz
Size/MD5: 19624 bc3bcd25cd87d3acc5cc5b0d2491944c
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.dsc
Size/MD5: 1113 f5cf8751705551296683836d779341f1
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
Size/MD5: 6099365 5d0f3988e4d95f6af6f3caf2130ee992
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_amd64.deb
Size/MD5: 115738 773156901500dd6cdc71738a04545704
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_amd64.deb
Size/MD5: 2615152 023384da81522f625b2f774b9dc66ea8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_i386.deb
Size/MD5: 115744 2690e4f3c56f99d984da7ca0d1bf684c
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_i386.deb
Size/MD5: 2934258 1e93778bed32747a3b2cffe2b4d641b7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_powerpc.deb
Size/MD5: 115746 8f9e092f5ef63abc10e23dc4b611f965
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_powerpc.deb
Size/MD5: 2724898 f144069c4a0f87595b432c8911a1948a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_sparc.deb
Size/MD5: 115746 c4c2748bc59648ebd54764339eb01801
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_sparc.deb
Size/MD5: 2591670 6fb14b10541e18b84757888994abcfc4
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.diff.gz
Size/MD5: 71320 7cd3d7f480eb049e33e6c98bd12dcf53
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.dsc
Size/MD5: 1445 cc9290432a85b3b4a4f189b264f71083
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1.orig.tar.gz
Size/MD5: 4583422 9c05a6397838e4e2e9c419e898e4b930
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine-main1_1.1.2+repacked1-0ubuntu3.2_all.deb
Size/MD5: 38946 8120c98e3303e118da3bcc72b17c3555
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_amd64.deb
Size/MD5: 118880 d255df065d3f0a4dfdb41fd052002c1b
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_amd64.deb
Size/MD5: 3442784 3a397cd06f001294e87c8a643224e01d
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_amd64.deb
Size/MD5: 2914488 a214c7af8d360dfd2c198e6ae1213956
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_i386.deb
Size/MD5: 118874 c9314715a8361ffc0046e981abc49172
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_i386.deb
Size/MD5: 3771764 7e3a534a4ea98ac065dec40376dcc520
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_i386.deb
Size/MD5: 3221924 b86497b00c1b4cbad1889aa102ffb779
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
Size/MD5: 118888 822c79d2879d62a3119dd5a37bda2df4
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
Size/MD5: 3469392 65d938ff9c114b436f9bb2df81da2a9f
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
Size/MD5: 3043066 280e1c942fb7ee3a66117342f848bcb2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_sparc.deb
Size/MD5: 118888 1b3224f90d39958a411b23c841d788bb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_sparc.deb
Size/MD5: 3136330 10a0a1e2261b098fc597c51307a596d9
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_sparc.deb
Size/MD5: 2856892 9ba9c8b97177549067dd73631c49430c
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists