DSA 1472-1: New xine-lib packages fix arbitrary code execution
Posted on: 01/21/2008 08:00 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1472-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
January 21, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : xine-lib
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0225

Luigi Auriemma discovered that the Xine media player library performed
insufficient input sanitising during the handling of RTSP streams,
which could lead to the execution of arbitrary code.

For the unstable distribution (sid), this problem will be fixed soon.

For the testing distribution (lenny), this problem has been fixed in
version 1.1.8-3+lenny1.

For the stable distribution (etch), this problem has been fixed in
version 1.1.2+dfsg-5.

For the old stable distribution (sarge), this problem has been fixed
in version 1.0.1-1sarge6.


We recommend that you upgrade your xine-lib packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (oldstable)
- ----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5 checksum: 7774954 9be804b337c6c3a2e202c5a7237cb0f8
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge6.dsc
Size/MD5 checksum: 1059 a71bea7e3fcfb743bdc7add1c3ad2c3a
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge6.diff.gz
Size/MD5 checksum: 5983 cf5b621b9730754647d46865e85d1758

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_alpha.deb
Size/MD5 checksum: 109438 5d603972a6236872f14a74f9be0fd911
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_alpha.deb
Size/MD5 checksum: 4847618 e587d76aaaf2bd501b1d0e4f50b9d358

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_amd64.deb
Size/MD5 checksum: 107932 2100c7187289b532dc2bbc875e1f700a
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_amd64.deb
Size/MD5 checksum: 3933716 5f7e1e0f992550dcc8c9bf623c806a9e

arm architecture (ARM)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_arm.deb
Size/MD5 checksum: 109156 8783e6a11aa3a4fa62dcd7c3a339a7cd
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_arm.deb
Size/MD5 checksum: 3909402 a0f1f5d912777e5760f9d2e9651cfec9

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_hppa.deb
Size/MD5 checksum: 107946 84641c7db3d69aad0f345ea55a8d38fa
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_hppa.deb
Size/MD5 checksum: 3601216 287d6f69f8004dee50cfe91ebdd7cb66

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_i386.deb
Size/MD5 checksum: 4206292 74a7995d0ddb11d42666e010884c97f0
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_i386.deb
Size/MD5 checksum: 107922 f0970164861c2efd8ff11b2f38ebf566

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_ia64.deb
Size/MD5 checksum: 5621688 7e2a07669537b34c6fee75ed6117dc47
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_ia64.deb
Size/MD5 checksum: 107920 846cb9aa86dd57d444e7895112bf18cc

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_mips.deb
Size/MD5 checksum: 107928 d7db55d769fce24e8b487bdfd24867f8
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_mips.deb
Size/MD5 checksum: 4067220 c3115be001b9a93b4e02c65c3596f533

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_mipsel.deb
Size/MD5 checksum: 107942 8517b34bfa23802386aa154a8c934c35
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_mipsel.deb
Size/MD5 checksum: 4125962 431f6ebb4336d1c5a3bedbec05774fca

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_powerpc.deb
Size/MD5 checksum: 4306036 300c1d2a63375c1b2317e1db53ae1024
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_powerpc.deb
Size/MD5 checksum: 107934 cd7ab4c54c9c3d7c08fe02d21ba16999

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_s390.deb
Size/MD5 checksum: 107918 6cc63a6ab1a7246fb5358f79edc9c65d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_s390.deb
Size/MD5 checksum: 3881412 f65dc8ea4d7301a8e7261ef678da8235

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_sparc.deb
Size/MD5 checksum: 107942 75cc6e09083965531a69dee4c6ed7f3b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_sparc.deb
Size/MD5 checksum: 4361076 6486c5cd3f62018d223978ef7abc9c3c

Debian (4.0) stable
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-5.dsc
Size/MD5 checksum: 1536 53abacfee8d02a781fe432ea093f61e9
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
Size/MD5 checksum: 6716994 ae6525a76280a6e1979c3f4f89fd00f3
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-5.diff.gz
Size/MD5 checksum: 21827 0e4830926b4339d3d2f0887636cc8267

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_alpha.deb
Size/MD5 checksum: 3413920 e4052239ba58a4350bf81536fc28917a
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_alpha.deb
Size/MD5 checksum: 3670428 85d64f9da9bc3a5e26dd3643482ebc8b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_alpha.deb
Size/MD5 checksum: 118038 56925157d3eff3a5f43e6bc3872dbd06

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_amd64.deb
Size/MD5 checksum: 3663402 0dfc07199420e1378c1033728211292d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_amd64.deb
Size/MD5 checksum: 3066526 a2641e4c808259c97196346e6a901a5e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_amd64.deb
Size/MD5 checksum: 118242 7a49e5eebc21c185835b00ba48515b20

arm architecture (ARM)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_arm.deb
Size/MD5 checksum: 2957806 14001daac9e466f3b66925e1dedd2b81
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_arm.deb
Size/MD5 checksum: 118270 944bc8b0cc0883c80cf0c67964efb268
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_arm.deb
Size/MD5 checksum: 2666832 535462048ce02252a6be24856119849c

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_hppa.deb
Size/MD5 checksum: 3207076 0fe81105d2fed6964caf4749cc8c769b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_hppa.deb
Size/MD5 checksum: 116946 44f779698a4cdf54d7265b25834c2796
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_hppa.deb
Size/MD5 checksum: 2680760 f6b3a38ac446df3e8593eddeb38d0a55

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_i386.deb
Size/MD5 checksum: 3317848 548e061fb9a63d54fdc19ca022e2bfa8
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_i386.deb
Size/MD5 checksum: 116932 7e7561bb3b9913127c4c147688d6b115
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_i386.deb
Size/MD5 checksum: 3957048 51c0c12f085d80f1b7da7090e5a6270d

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_ia64.deb
Size/MD5 checksum: 2682782 e17d6e904bd005de4ec817dbecc3bb44
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_ia64.deb
Size/MD5 checksum: 3763924 f49cdc4340b535c032ad35456e54628e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_ia64.deb
Size/MD5 checksum: 116936 c718d7df74a304e607559643cb50845e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_mips.deb
Size/MD5 checksum: 2837566 c194eb56aed74ad9f3965b77946613b4
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_mips.deb
Size/MD5 checksum: 116944 701f83fbbd484885c3727e428e273a6e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_mips.deb
Size/MD5 checksum: 3019196 9bf39c3bf2c34406bacc0d32705c2b0b

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_mipsel.deb
Size/MD5 checksum: 116954 d253ddd5c17a8148622aadfaf7d59904
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_mipsel.deb
Size/MD5 checksum: 3016036 ec28cd9ca4ca029cb469e67a695cc130
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_mipsel.deb
Size/MD5 checksum: 2787232 78c79cf8cae67f4bf19ffe7ba9617a5a

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_powerpc.deb
Size/MD5 checksum: 3719092 eef3e1b13623cf1fe5a1aa211106048a
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_powerpc.deb
Size/MD5 checksum: 116956 fb9a69a74bc85f1f81e98db5731e1575
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_powerpc.deb
Size/MD5 checksum: 3208680 77a72ca13dfb1021838d463125ba3008

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_s390.deb
Size/MD5 checksum: 116940 9e1ea979ae856864d64d0f21e7fab9cb
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_s390.deb
Size/MD5 checksum: 3171170 719c84080d547d78c36046122d13ebdc
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_s390.deb
Size/MD5 checksum: 2717060 6956c86410e02f958473a8b9610f0085

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_sparc.deb
Size/MD5 checksum: 116960 cc8b428a478a3196e33fa0266206493e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_sparc.deb
Size/MD5 checksum: 3023954 ba3ebaaba619198d8d57d423248c2ae0
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_sparc.deb
Size/MD5 checksum: 3368104 6a7d01bdf85a8836da0ce8faef5c9969


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHlOO7Xm3vHE4uyloRAh3aAJ91WI7v4GgZRFJvBa7kP6Dh7jyWNQCfVkSw
5Cfk/q+bRPKYvsx80kZTa2Q=
=Yjdp
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1472_1_new_xine_lib_packages_fix_arbitrary_code_execution.html)