[USN-123-1] Xine library vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 05/06/05

  • Next message: Sune Kloppenborg Jeppesen: "[ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities"
    Date: Fri, 6 May 2005 16:14:19 +0200
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-123-1 May 06, 2005
    xine-lib vulnerabilities
    CAN-2005-1195
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)
    Ubuntu 5.04 (Hoary Hedgehog)

    The following packages are affected:

    libxine1

    The problem can be corrected by upgrading the affected package to
    version 1-rc5-1ubuntu2.2 (for Ubuntu 4.10) and 1.0-1ubuntu3.1 (for
    Ubuntu 5.04). In general, a standard system upgrade is sufficient to
    effect the necessary changes.

    Details follow:

    Two buffer overflows have been discovered in the MMS and Real RTSP
    stream handlers of the Xine library. By tricking a user to connect to
    a malicious MMS or RTSP video/audio stream source with an application
    that uses this library, an attacker could crash the client and
    possibly even execute arbitrary code with the privileges of the player
    application.

    Updated packages for Ubuntu 4.10 (Warty Warthog):

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.diff.gz
          Size/MD5: 220602 e22a91dd6602a778a456ac4e75d14a67
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.dsc
          Size/MD5: 950 484c40b9a1e254d52f8c2078566cc1c1
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5.orig.tar.gz
          Size/MD5: 7052663 703c3e68d60524598d4d9e527fe38286

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_amd64.deb
          Size/MD5: 101412 224c971e640f01ca72dc2dac17e15916
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_amd64.deb
          Size/MD5: 3543166 8d2ca25c0e9d364d5a2e4dedf63fba0c

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_i386.deb
          Size/MD5: 101406 0cf03b13b797703d594f68d7636138de
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_i386.deb
          Size/MD5: 3728804 27dc0b4c3fccefd1f03caa42e4dc6266

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_powerpc.deb
          Size/MD5: 101412 931d76d961bc60ce74514348524958e5
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_powerpc.deb
          Size/MD5: 3886674 b70a0603c57ad8b2ac977bdea6f9ff9f

    Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.diff.gz
          Size/MD5: 2763 a949659041b75d077a5605c5496bfd80
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.dsc
          Size/MD5: 1070 dffb73537640298a5ba352f4c15f30b4
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
          Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_amd64.deb
          Size/MD5: 106364 9ed4670b90056b5983ebe4f4bec06521
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_amd64.deb
          Size/MD5: 3566834 f79dfbbf98c7964f23a6f3e2c71a61c3

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_i386.deb
          Size/MD5: 106362 6cdbdc86a2dbe46bfba98e34078ef29d
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_i386.deb
          Size/MD5: 3749688 f0c5bc4161e13a973b39a86138cffa5d

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_powerpc.deb
          Size/MD5: 106360 0d202d05bcd13bebe3518d5c61216b02
        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_powerpc.deb
          Size/MD5: 3924810 86ec380434aaab8bbd6f34c101f25a83

    
    



  • Next message: Sune Kloppenborg Jeppesen: "[ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities"

    Relevant Pages