DSA 1105-1: New xine-lib packages fix denial of service
Posted on: 07/07/2006 10:12 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1105-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 7th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : xine-lib
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2802
BugTraq ID : 18187
Debian Bug : 369876

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP
Plugin in xine-lib, the xine video/media player library, taht could
allow a remote attacker to cause a denial of service.

For the old stable distribution (woody) this problem has been fixed in
version 0.9.8-2woody5.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.1-1sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.1-2.

We recommend that you upgrade your libxine packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.dsc
Size/MD5 checksum: 761 113ef134a39e2f37bc6395dc2e43b538
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.diff.gz
Size/MD5 checksum: 2339 194c32b8c93f5e85c873454412f63552
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
Size/MD5 checksum: 1766178 d8fc9b30e15b50af8ab7552bbda7aeda

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_alpha.deb
Size/MD5 checksum: 261022 3314df47933eadc0af5b5cf4a36afdfe
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_alpha.deb
Size/MD5 checksum: 816024 897664eee06d09f43375f5320be1f17b

ARM architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_arm.deb
Size/MD5 checksum: 302960 9dee75c3d13aabb5e83978e0d75ec4ce
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_arm.deb
Size/MD5 checksum: 671494 dafc6c14181802dd56c887583bbf5140

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_i386.deb
Size/MD5 checksum: 260788 3a98e4d713d1c341fe69a717c8de0072
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_i386.deb
Size/MD5 checksum: 807996 1dd6e453aa93c420a145dd5397ee99bd

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_ia64.deb
Size/MD5 checksum: 260864 46ae5bb7b3256421dd7291e7c8898369
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_ia64.deb
Size/MD5 checksum: 953654 887b267a44c50e00f8bf9e2190852ca8

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_hppa.deb
Size/MD5 checksum: 260968 aa1ee745d7c5c6b9a8271c64f0a587a0
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_hppa.deb
Size/MD5 checksum: 846792 60ed39365a0c67db2d4fba67d2ba1583

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_m68k.deb
Size/MD5 checksum: 292718 2a87b508bcc610a01abf8c9c3773d40d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_m68k.deb
Size/MD5 checksum: 617706 67075fef400071473fa948e5dd89b8fc

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mips.deb
Size/MD5 checksum: 299478 5b0c49b3745472f71725dd052b60d712
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mips.deb
Size/MD5 checksum: 653086 0044bef2d6ebeb01385d1a20a716046a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mipsel.deb
Size/MD5 checksum: 299568 79851707d297d94d74b613d5abaa6b3a
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mipsel.deb
Size/MD5 checksum: 655030 0868f2d006c6b5282c8880a8460fed77

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_powerpc.deb
Size/MD5 checksum: 261278 fc16e5e2889afdd2c73491714575d53f
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_powerpc.deb
Size/MD5 checksum: 742454 6c2be22417b910c45c0bb113a4f7707b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_s390.deb
Size/MD5 checksum: 302404 9d54d7d12b431358f99fe688e2999cb5
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_s390.deb
Size/MD5 checksum: 662920 5da8cbae8d02f579e8150dde1b07c4f8

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_sparc.deb
Size/MD5 checksum: 261104 30717fe03e13e5dfbd5adbf4dafd93eb
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_sparc.deb
Size/MD5 checksum: 803816 fe08139ea1b35f3e7d5b7bcb8de20dd3


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.dsc
Size/MD5 checksum: 1062 998afa8ddece7f06aac69cb8787b8bea
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.diff.gz
Size/MD5 checksum: 3230 6b65bdac09c698d6dcfc9c01f417714b
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5 checksum: 7774954 9be804b337c6c3a2e202c5a7237cb0f8

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_alpha.deb
Size/MD5 checksum: 107646 53ba83cd587bed30cdbd5dd96a241e43
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_alpha.deb
Size/MD5 checksum: 4829370 83e8d3ed71f20b06d4edcd1a97247903

AMD64 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_amd64.deb
Size/MD5 checksum: 107640 9be42e567a232db85ade634a8875cea1
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_amd64.deb
Size/MD5 checksum: 3933392 03aaaf4b88fd5cc99ab7048e386a81eb

ARM architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_arm.deb
Size/MD5 checksum: 107698 857f520bcc947238b6a1732239508e29
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_arm.deb
Size/MD5 checksum: 3878442 e505d7fd20cff3d6965e0e55640e5da0

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_i386.deb
Size/MD5 checksum: 107702 56fb77a0b6f0d01b3eb7cff160b7fc2e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_i386.deb
Size/MD5 checksum: 4204886 3fb1c5b93a8bd2857f8da12f95a0c144

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_ia64.deb
Size/MD5 checksum: 107648 e5540cc5bbe66e9565fc412d7d37a23d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_ia64.deb
Size/MD5 checksum: 5620728 800474cd0356d391f8ac843104de8057

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_hppa.deb
Size/MD5 checksum: 107676 8f22e952357456fe6f92217a6305a54b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_hppa.deb
Size/MD5 checksum: 3600400 aff888a7efd1cc00072cc3bdd1c88a70

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_m68k.deb
Size/MD5 checksum: 107720 97d1027b157b256611e234ce20c76337
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_m68k.deb
Size/MD5 checksum: 3175260 ee6cef5deb75f0396b13013602f30b90

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mips.deb
Size/MD5 checksum: 107654 639d0ee2c65047864b5c726dfba30fcf
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mips.deb
Size/MD5 checksum: 4066606 b7beb0cb4615f6ca98b4fbff3be16c06

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mipsel.deb
Size/MD5 checksum: 107678 ba9bb94702fcf451db6dde218e23bc21
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mipsel.deb
Size/MD5 checksum: 4125476 fc4b6816829beff3ba2fbd175e7e1384

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_powerpc.deb
Size/MD5 checksum: 107686 0ce2a02a85fd72b5bb24213fc025f864
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_powerpc.deb
Size/MD5 checksum: 4305544 68c2be929520c8a45439d36ef8d0a2ca

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_s390.deb
Size/MD5 checksum: 107652 63c9659dc1e004412faf09d9feafee08
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_s390.deb
Size/MD5 checksum: 3880838 b747276fe66ef57341430e10adc32fee

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_sparc.deb
Size/MD5 checksum: 107666 045189d3cd49c72f4e4bf26ea391fec1
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_sparc.deb
Size/MD5 checksum: 4360438 15333a715e57287c63f2f2f36b40ec80


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFErgKeW5ql+IAeqTIRAlpvAJ4yapJ+ISmJTUjpPiihYLpFjCXT3gCgsYoT
CWOU1x/y/dGOIGdgvJh3dvI=
=NtJp
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1105_1_new_xine_lib_packages_fix_denial_of_service.html)