USN-123-1: Xine library vulnerabilities
Posted on: 05/06/2005 10:46 AM

Xine library security update are available for Ubuntu Linux 4.10 and 5.04

==========================================================
Ubuntu Security Notice USN-123-1 May 06, 2005
xine-lib vulnerabilities
CAN-2005-1195
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libxine1

The problem can be corrected by upgrading the affected package to version 1-rc5-1ubuntu2.2 (for Ubuntu 4.10) and 1.0-1ubuntu3.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user to connect to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute arbitrary code with the privileges of the player application.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.diff.gz
Size/MD5: 220602 e22a91dd6602a778a456ac4e75d14a67
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.dsc
Size/MD5: 950 484c40b9a1e254d52f8c2078566cc1c1
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5.orig.tar.gz
Size/MD5: 7052663 703c3e68d60524598d4d9e527fe38286

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_amd64.deb
Size/MD5: 101412 224c971e640f01ca72dc2dac17e15916
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_amd64.deb
Size/MD5: 3543166 8d2ca25c0e9d364d5a2e4dedf63fba0c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_i386.deb
Size/MD5: 101406 0cf03b13b797703d594f68d7636138de
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_i386.deb
Size/MD5: 3728804 27dc0b4c3fccefd1f03caa42e4dc6266

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_powerpc.deb
Size/MD5: 101412 931d76d961bc60ce74514348524958e5
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_powerpc.deb
Size/MD5: 3886674 b70a0603c57ad8b2ac977bdea6f9ff9f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.diff.gz
Size/MD5: 2763 a949659041b75d077a5605c5496bfd80
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.dsc
Size/MD5: 1070 dffb73537640298a5ba352f4c15f30b4
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_amd64.deb
Size/MD5: 106364 9ed4670b90056b5983ebe4f4bec06521
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_amd64.deb
Size/MD5: 3566834 f79dfbbf98c7964f23a6f3e2c71a61c3

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_i386.deb
Size/MD5: 106362 6cdbdc86a2dbe46bfba98e34078ef29d
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_i386.deb
Size/MD5: 3749688 f0c5bc4161e13a973b39a86138cffa5d

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_powerpc.deb
Size/MD5: 106360 0d202d05bcd13bebe3518d5c61216b02
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_powerpc.deb
Size/MD5: 3924810 86ec380434aaab8bbd6f34c101f25a83


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_123_1_xine_library_vulnerabilities.html)