[USN-123-1] Xine library vulnerabilities

Martin Pitt martin.pitt at canonical.com
Fri May 6 14:14:19 UTC 2005 

===========================================================
Ubuntu Security Notice USN-123-1	       May 06, 2005
xine-lib vulnerabilities
CAN-2005-1195
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libxine1

The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.2 (for Ubuntu 4.10) and 1.0-1ubuntu3.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Two buffer overflows have been discovered in the MMS and Real RTSP
stream handlers of the Xine library. By tricking a user to connect to
a malicious MMS or RTSP video/audio stream source with an application
that uses this library, an attacker could crash the client and
possibly even execute arbitrary code with the privileges of the player
application.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.diff.gz
      Size/MD5:   220602 e22a91dd6602a778a456ac4e75d14a67
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.dsc
      Size/MD5:      950 484c40b9a1e254d52f8c2078566cc1c1
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5.orig.tar.gz
      Size/MD5:  7052663 703c3e68d60524598d4d9e527fe38286

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_amd64.deb
      Size/MD5:   101412 224c971e640f01ca72dc2dac17e15916
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_amd64.deb
      Size/MD5:  3543166 8d2ca25c0e9d364d5a2e4dedf63fba0c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_i386.deb
      Size/MD5:   101406 0cf03b13b797703d594f68d7636138de
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_i386.deb
      Size/MD5:  3728804 27dc0b4c3fccefd1f03caa42e4dc6266

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_powerpc.deb
      Size/MD5:   101412 931d76d961bc60ce74514348524958e5
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_powerpc.deb
      Size/MD5:  3886674 b70a0603c57ad8b2ac977bdea6f9ff9f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.diff.gz
      Size/MD5:     2763 a949659041b75d077a5605c5496bfd80
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.dsc
      Size/MD5:     1070 dffb73537640298a5ba352f4c15f30b4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz
      Size/MD5:  7384258 96e5195c366064e7778af44c3e71f43a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_amd64.deb
      Size/MD5:   106364 9ed4670b90056b5983ebe4f4bec06521
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_amd64.deb
      Size/MD5:  3566834 f79dfbbf98c7964f23a6f3e2c71a61c3

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_i386.deb
      Size/MD5:   106362 6cdbdc86a2dbe46bfba98e34078ef29d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_i386.deb
      Size/MD5:  3749688 f0c5bc4161e13a973b39a86138cffa5d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_powerpc.deb
      Size/MD5:   106360 0d202d05bcd13bebe3518d5c61216b02
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_powerpc.deb
      Size/MD5:  3924810 86ec380434aaab8bbd6f34c101f25a83
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20050506/1c9d7243/attachment.sig>

More information about the ubuntu-security-announce mailing list