Linux Security
    Linux Security
    Linux Security

    Debian: New libxine packages fix several vulnerabilities

    Date 31 Mar 2008
    2983
    Posted By LinuxSecurity Advisories
    Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1536-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                          Thijs Kinkhorst
    March 31, 2008                        https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : xine-lib
    Vulnerability  : several
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486
                     CVE-2008-1161 
    Debian Bug     : 464696
    
    Several local vulnerabilities have been discovered in Xine, a
    media player library, allowed for a denial of service or arbitrary code
    execution, which could be exploited through viewing malicious content.
    The Common Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2007-1246 / CVE-2007-1387
    
        The DMO_VideoDecoder_Open function does not set the biSize before use in a
        memcpy, which allows user-assisted remote attackers to cause a buffer overflow
        and possibly execute arbitrary code (applies to sarge only).
    
    CVE-2008-0073
    
        Array index error in the sdpplin_parse function allows remote RTSP servers
        to execute arbitrary code via a large streamid SDP parameter.
    
    CVE-2008-0486
    
        Array index vulnerability in libmpdemux/demux_audio.c might allow remote
        attackers to execute arbitrary code via a crafted FLAC tag, which triggers
        a buffer overflow (applies to etch only).
    
    CVE-2008-1161
    
        Buffer overflow in the Matroska demuxer allows remote attackers to cause a
        denial of service (crash) and possibly execute arbitrary code via a Matroska
        file with invalid frame sizes.
    
    
    For the stable distribution (etch), these problems have been fixed in version
    1.1.2+dfsg-6.
    
    For the old stable distribution (sarge), these problems have been fixed in
    version 1.0.1-1sarge7.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.1.11-1.
    
    
    We recommend that you upgrade your xine-lib package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.diff.gz
        Size/MD5 checksum:     7327 f025acfa0e41de184799393ea9a54e0a
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
        Size/MD5 checksum:  7774954 9be804b337c6c3a2e202c5a7237cb0f8
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.dsc
        Size/MD5 checksum:     1400 e3390f1650e0a1744f1cf81ce2ac30b9
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_alpha.deb
        Size/MD5 checksum:   109754 7b340023aa1b1c5bfe45b4b526a4fa6c
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_alpha.deb
        Size/MD5 checksum:  4848602 31bb864f2c3dd19f0f7784ec0e2ff06d
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_amd64.deb
        Size/MD5 checksum:   108232 b63b13967d16548548b69363a3a49f51
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_amd64.deb
        Size/MD5 checksum:  3934420 08f952ab238388604ca889207f15cacf
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_arm.deb
        Size/MD5 checksum:  3909916 82a6de1aa1262bcd80fb73438442b5e6
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_arm.deb
        Size/MD5 checksum:   109454 937b3a480028d81fd21717bd330c48a4
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_hppa.deb
        Size/MD5 checksum:  3617652 0ab0c31bceb15b693eeab8a1be842d81
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_hppa.deb
        Size/MD5 checksum:   109682 140b39b4f188c7b5d5762482a1487e91
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_i386.deb
        Size/MD5 checksum:   107842 36c35bdbcdafb36c96052c67915d3e83
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_i386.deb
        Size/MD5 checksum:  4206034 2f670ca7711c7621e92ce6ff47f89128
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_ia64.deb
        Size/MD5 checksum:   108224 f5894b6e2a742713e305f0ae448f46b8
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_ia64.deb
        Size/MD5 checksum:  5622238 e956948854e8333957a45679e3f1ca75
    
    m68k architecture (Motorola Mc680x0)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_m68k.deb
        Size/MD5 checksum:   108336 60e727a36d3f5bb0c961240ebfc7504e
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_m68k.deb
        Size/MD5 checksum:  3176142 feccde602d192b462c146f5731a13a0f
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mips.deb
        Size/MD5 checksum:  4091032 9f999ef7a57a9b0a860e06b146c5bf1a
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mips.deb
        Size/MD5 checksum:   110384 3fc17b89430ed3c84a3f144ed22b9fb0
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mipsel.deb
        Size/MD5 checksum:  4126650 bbeecc6ce5709f5e7d21ee198cae076e
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mipsel.deb
        Size/MD5 checksum:   108234 cddeda4e920f778b2549de5fdaf40c07
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_powerpc.deb
        Size/MD5 checksum:   108250 3370e7a1e7efc80ef348cc265c5c35f3
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_powerpc.deb
        Size/MD5 checksum:  4306536 f62ca73d63fccd4b49d3ac2fb23345ca
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_s390.deb
        Size/MD5 checksum:  3881906 6fed320fac7a9d73ca2a6b8191967ec9
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_s390.deb
        Size/MD5 checksum:   108210 eb7f718923695c69594fa768af371815
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_sparc.deb
        Size/MD5 checksum:   108244 5f8edb59c5625822e314a65e1f606b34
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_sparc.deb
        Size/MD5 checksum:  4361586 7e4fe726b38796ac92e72dccf3de263c
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.dsc
        Size/MD5 checksum:     1877 318b9a5c7e265ceecd379c1bf78cc59d
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
        Size/MD5 checksum:  6716994 ae6525a76280a6e1979c3f4f89fd00f3
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.diff.gz
        Size/MD5 checksum:    23720 41569cc160815132939b2700db086b97
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_alpha.deb
        Size/MD5 checksum:  3671136 121d4c4f366ead1efe2e51f442a01925
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_alpha.deb
        Size/MD5 checksum:  3415068 c4c828f603c98ae9c196d62ae55fc067
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_alpha.deb
        Size/MD5 checksum:   118364 fd21e7568f52042d7b5fa90bedb86175
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_amd64.deb
        Size/MD5 checksum:   117242 ba9ab3b1f580ee330b4648a6e19189bc
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_amd64.deb
        Size/MD5 checksum:  3659052 c4d7e60c377627b0ab13e9d6a3a104c7
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_amd64.deb
        Size/MD5 checksum:  3048320 7f2b4fc1c76ff16a0b2ec9c568c56dd0
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_arm.deb
        Size/MD5 checksum:  2668018 7cf2fd0b431bdf32d3daed3b02144cdf
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_arm.deb
        Size/MD5 checksum:   118582 87e83a8ed3872efca0f6c3c95ba0050b
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_arm.deb
        Size/MD5 checksum:  2958562 b16adcf345bd2dbc0f8c3ac21b7d6e3b
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_hppa.deb
        Size/MD5 checksum:  2693766 0cfdb3fa5d216045eedde26f1412b3a6
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_hppa.deb
        Size/MD5 checksum:  3219780 d38636b531e0e0396452f45a14e554c2
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_hppa.deb
        Size/MD5 checksum:   119608 2b8a9ebea2a5037a666f8f2e086dbf17
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_i386.deb
        Size/MD5 checksum:  3966468 68d095257a9674e8a27fc6a148cc6d5d
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_i386.deb
        Size/MD5 checksum:  3349368 2381a282eb893d3e76eef69cc84479eb
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_i386.deb
        Size/MD5 checksum:   117232 66690a0765f0093dff0526b85faf0322
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_ia64.deb
        Size/MD5 checksum:  3764630 d132f9ef4697f2c1a79054ced0309a7f
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_ia64.deb
        Size/MD5 checksum:   117166 852e09242638daad38bbbc3ae239c9a8
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_ia64.deb
        Size/MD5 checksum:  2684364 35d53a480f2d70eb171009873fbc490e
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mips.deb
        Size/MD5 checksum:   119198 54129191862d2b613901399fedad7ade
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mips.deb
        Size/MD5 checksum:  3035424 2c7d9278440527980b2c8b4e07b4c961
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mips.deb
        Size/MD5 checksum:  2844004 430a6d794aee0cce2f807329166f8a9a
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mipsel.deb
        Size/MD5 checksum:   117194 af4c9978178f97bafd92b66d48ab4427
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mipsel.deb
        Size/MD5 checksum:  3016652 5c2d3287ca0b782d5f14fa38fe9fea6f
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mipsel.deb
        Size/MD5 checksum:  2788460 032171f0e18822b961d4f8b8350c82f9
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_powerpc.deb
        Size/MD5 checksum:  3209288 c144f257184eab9fb24326bd2216a87e
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_powerpc.deb
        Size/MD5 checksum:   117204 0f6c2509636f5b94f9e0859a9d588dc2
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_powerpc.deb
        Size/MD5 checksum:  3719086 4cec9416f1f449abfdf874bcc9e9ef57
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_s390.deb
        Size/MD5 checksum:  2718672 dcfb54adcaf89425c83c3a32799d06dd
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_s390.deb
        Size/MD5 checksum:   117170 405f873efab3ae50acd27eb3802c6fa8
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_s390.deb
        Size/MD5 checksum:  3171836 486dfcf6a50e8562cc36163ae9a6ae7d
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_sparc.deb
        Size/MD5 checksum:  3368898 e7a09bb2b060da52f9d5a51479186748
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_sparc.deb
        Size/MD5 checksum:  3024748 be3f7a4b8fa8da203c4b72bfb0830e22
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_sparc.deb
        Size/MD5 checksum:   117202 fb2c1a027f3cb3eeaf76cd0a6cfb74e6
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"17","type":"x","order":"1","pct":3.32,"resources":[]},{"id":"159","title":"False","votes":"495","type":"x","order":"2","pct":96.68,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.