|
|
|
>>
VUPEN Security / Public Mailing Lists Mirror |
Assigned : VUPEN/ADV-2005-2953
From : Martin Pitt <martin.pitt at canonical.com>
Subject : [USN-230-2] ffmpeg/xine-lib vulnerability
Date : 2005-12-16
Original Message
===========================================================
Ubuntu Security Notice USN-230-2 December 16, 2005
xine-lib vulnerability
CVE-2005-4048
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libxine1
libxine1c2
The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu
5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard
system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.
For reference, this is the original advisory:
Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.dsc
Size/MD5: 950 0b0865913672df5c80783279f471bf66
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.4.diff.gz
Size/MD5: 222131 bf99e51c425cfdbac9b6c76e17504ed6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_i386.deb
Size/MD5: 101724 195cb67c660bc24a63991c3e69ec381e
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_i386.deb
Size/MD5: 3729248 596d1f0437b94625ab38770f1086a03e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_powerpc.deb
Size/MD5: 3886766 1635110e5c74867f1657aacf8ff0e09a
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_powerpc.deb
Size/MD5: 101728 e2960b0070421b8ef2be3f9ee40f6528
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.4_amd64.deb
Size/MD5: 3543532 82f8b13cd4cf2fc51f6d90a64ad214b4
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.4_amd64.deb
Size/MD5: 101722 0bb5d4a49d5f04f680dd1a38c5790191
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.diff.gz
Size/MD5: 4401 f6a606d82d9379f6bb6fdf4c0f9e4cb3
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.6.dsc
Size/MD5: 1070 1fae1b7df974523161bcc5e90bb47912
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_amd64.deb
Size/MD5: 106758 9ce395434edc4bbc07151e13cc018b93
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_amd64.deb
Size/MD5: 3567328 45842025ea2de6efdcb07276a78f03ed
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_i386.deb
Size/MD5: 106756 e3ed2f29ec5d37f37b238c5d43140bd9
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_i386.deb
Size/MD5: 3750250 8df1800276d5e9ba8710c726d511e331
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.6_powerpc.deb
Size/MD5: 106780 f3310108f59d253cc7c97a2ccdafce95
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.6_powerpc.deb
Size/MD5: 3925408 4801437ecc43845c7096d03c0e8a110d
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.diff.gz
Size/MD5: 9220 fa3727a5c30b96fa30214b74901f9b37
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.2.dsc
Size/MD5: 1186 b12c0731582c9ac6016af90a6758b222
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_amd64.deb
Size/MD5: 108796 fe4af1d1d64655076434bac4bd4e6121
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_amd64.deb
Size/MD5: 3610978 7fccf1da401ca96a9552b9ba54818919
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_i386.deb
Size/MD5: 108800 c2ee1c0f1f316bc2aea565fcdf085088
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_i386.deb
Size/MD5: 4003584 927c4619ca803b02b344d2b0f2fa7c80
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb
Size/MD5: 108814 8fc0d0ff3d7465e88158509aea0c6a89
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.2_powerpc.deb
Size/MD5: 3849320 edbcca0353f5da1a2e76e6d2fba85d92
Disclaimer : VUPEN Security does not endorse the content of this
message submitted by others to public mailinglists. Messages submitted to public
mailinglists do not necessarily reflect the opinions or policies of VUPEN Security.
VUPEN Security makes no warranties, express or implied, as to the content of the message
in this page or the accuracy and reliability of any messages and other materials
submitted to public mailinglists. Any questions or comments regarding this page
should be sent to
team@vupen.com
|
|
|
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
