USN-295-1: xine-lib vulnerability
Posted on: 06/09/2006 02:12 PM

A new xine-lib vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-295-1 June 09, 2006
xine-lib vulnerability
CVE-2006-2802
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libxine1 1.0-1ubuntu3.7

Ubuntu 5.10:
libxine1c2 1.0.1-1ubuntu10.3

Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking a user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.diff.gz
Size/MD5: 4636 5cc6919bd457df6beae53e9a84e9e503
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.7.dsc
Size/MD5: 1070 1a862dac447d52ecfb8bcdcbb24cf5de
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_amd64.deb
Size/MD5: 106846 edbbcd4d032bb0e3ff692ac7138fe2fb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_amd64.deb
Size/MD5: 3567510 0d1ba9ac491e5482d82acb2f776f21bb

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_i386.deb
Size/MD5: 106822 86c3f51b3200996f96131c8c53c67506
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_i386.deb
Size/MD5: 3750458 eff585a1e98695ae4146cd97c7560fcf

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.7_powerpc.deb
Size/MD5: 106850 9097246c8357d5a04139bcee0ddbb7b8
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.7_powerpc.deb
Size/MD5: 3925536 8d2576a78270fb2806a18e011a18921a

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.diff.gz
Size/MD5: 9453 2a3b01a6d858e8623a89e5cce831d392
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.3.dsc
Size/MD5: 1186 47fb3762575e25d037c3e6ba2d3d6744
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_amd64.deb
Size/MD5: 108858 8081b6beb283dfefeda7aa0a81d5008e
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_amd64.deb
Size/MD5: 3611122 99e0979785b3c7c7001d33ddd5e8bb96

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_i386.deb
Size/MD5: 108864 7dfd068cc168dcc55993d70277901b3d
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_i386.deb
Size/MD5: 4004210 156188682cd24dbfa922b94d66d2dd63

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.3_powerpc.deb
Size/MD5: 108866 1489e831ed6bb874756e0f2f4a44ecca
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.3_powerpc.deb
Size/MD5: 3849668 6fdbbe888f1c7ee821af81e16352d61b

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.diff.gz
Size/MD5: 17494 e751ca0a9c5b41b7c4027bef6ace5c06
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.1.dsc
Size/MD5: 1115 6bce2e7e1451f9466a8b18592622257b
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
Size/MD5: 6099365 5d0f3988e4d95f6af6f3caf2130ee992

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_amd64.deb
Size/MD5: 115446 eb614aa1d1e7c0233edd761caf964102
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_amd64.deb
Size/MD5: 2614692 52e2b9167da0175dc15432ca3cdf6838

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_i386.deb
Size/MD5: 115424 f1339e03fa540de1824dc930d8e30bf8
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_i386.deb
Size/MD5: 2933916 9868711b9c0dfddc8e91bdf5a28dd223

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.1_powerpc.deb
Size/MD5: 115436 e54d0fff77fb6fb9c7f9cbc5454d2c36
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.1_powerpc.deb
Size/MD5: 2724444 294c1ac85f65238d39695fe77ccb38cc





Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_295_1_xine_lib_vulnerability.html)