USN-445-1: XMMS vulnerabilities
Posted on: 03/28/2007 12:15 AM

A new XMMS vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-445-1 March 27, 2007
xmms vulnerabilities
CVE-2007-0653, CVE-2007-0654
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
xmms 1.2.10+cvs20050209-2ubuntu2.1

Ubuntu 6.06 LTS:
xmms 1.2.10+cvs20050809-4ubuntu5.1

Ubuntu 6.10:
xmms 1.2.10+cvs20060429-1ubuntu2.1

After a standard system upgrade you need to restart XMMS or reboot your
computer to effect the necessary changes.

Details follow:

Sven Krewitt of Secunia Research discovered that XMMS did not correctly
handle BMP images when loading GUI skins. If a user were tricked into
loading a specially crafted skin, a remote attacker could execute
arbitrary code with user privileges.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209-2ubuntu2.1.diff.gz
Size/MD5: 333129 72ef83d4f52b41558ed91841ddb3b981
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209-2ubuntu2.1.dsc
Size/MD5: 1045 8b3d745ea4c9fc0e1db52d015c5613c3
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209.orig.tar.gz
Size/MD5: 2796215 ec03ce185b2fd255d58ef5d2267024eb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050209-2ubuntu2.1_amd64.deb
Size/MD5: 38878 02123da5ed2da81adcaf8b3dd1380506
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209-2ubuntu2.1_amd64.deb
Size/MD5: 1095122 5dd89b588b95cc209fb044390efe5289

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050209-2ubuntu2.1_i386.deb
Size/MD5: 32860 b49614977d707df3753028dbac5e7d27
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209-2ubuntu2.1_i386.deb
Size/MD5: 1001796 d8a97ce8caae0d71701a4b884e5970bb

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050209-2ubuntu2.1_powerpc.deb
Size/MD5: 38072 0db4136bbeaa8a3ff7f387a2f6320c07
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209-2ubuntu2.1_powerpc.deb
Size/MD5: 1133132 93cf5da1ff18a848d854029ad9ec2696

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050209-2ubuntu2.1_sparc.deb
Size/MD5: 34968 140189e295996eee72023777d137066f
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
209-2ubuntu2.1_sparc.deb
Size/MD5: 1062062 d1775f3f095dc03a37ab9ded4b768c6f

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809-4ubuntu5.1.diff.gz
Size/MD5: 191006 337e790c81d113b8385da0d649123f0e
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809-4ubuntu5.1.dsc
Size/MD5: 980 a3934c8b60f5810560c2073026f2172e
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809.orig.tar.gz
Size/MD5: 2798937 f60b948a5394a69b04195c22c9c75a89

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050809-4ubuntu5.1_amd64.deb
Size/MD5: 38904 de7338cb9e157756a1475f16d1de3d3f
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809-4ubuntu5.1_amd64.deb
Size/MD5: 1158938 4f0d080b8aa8732f674a2cfe6c97b1d2

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050809-4ubuntu5.1_i386.deb
Size/MD5: 32946 16d93ac5daa9da11d4f7dc80dcaea4e9
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809-4ubuntu5.1_i386.deb
Size/MD5: 1052896 aad130a721051fc69c8a9a6643832019

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050809-4ubuntu5.1_powerpc.deb
Size/MD5: 38012 99027515643537182a3e8910945b960b
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809-4ubuntu5.1_powerpc.deb
Size/MD5: 1193394 521f3148224f6f96643faf5ab7d96506

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0050809-4ubuntu5.1_sparc.deb
Size/MD5: 35108 8cc7b915ee91b2020d144e3358052d50
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050=
809-4ubuntu5.1_sparc.deb
Size/MD5: 1127786 3ec068038288108506ee3767cd41cd59

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429-1ubuntu2.1.diff.gz
Size/MD5: 194003 36a8a27753ac35ce35d76697a272855b
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429-1ubuntu2.1.dsc
Size/MD5: 992 d97a5a09fc238c29c59b8b233644df99
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429.orig.tar.gz
Size/MD5: 6124267 15710911fae50a8a986b10be07c1951f

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0060429-1ubuntu2.1_amd64.deb
Size/MD5: 39202 848a0574bed3305350e4d71f4f11857d
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429-1ubuntu2.1_amd64.deb
Size/MD5: 1219410 50ab3c73a23647f57a3b6748c4c2c1b0

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0060429-1ubuntu2.1_i386.deb
Size/MD5: 33784 1e15c6b47b7287153bd7dd729c165613
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429-1ubuntu2.1_i386.deb
Size/MD5: 1110970 321668eae4d53449f1269116540bc7ca

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0060429-1ubuntu2.1_powerpc.deb
Size/MD5: 38034 9a1bbb7aaa9b23337d0bc093ae461ef6
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429-1ubuntu2.1_powerpc.deb
Size/MD5: 1322454 e124ffd6707b35afb141573b638aaaa4

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs2=
0060429-1ubuntu2.1_sparc.deb
Size/MD5: 35460 72bef6d6e03c9009043badb9db627101
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060=
429-1ubuntu2.1_sparc.deb
Size/MD5: 1191882 491d7e1c78a200d57e7d51cc2b51a0ed


--8P1HSweYDcXXzwPJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGCaO0H/9LqRcGPm0RAj4qAJ48bWpwKAMBLo+xDTeCZXHXWGpsXgCfc0nB
5iS9PGbHdQ0pt2X27Nr3brM=
=iNJO
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_445_1_xmms_vulnerabilities.html)