Debian: New xine-lib packages fix several vulnerabilities

    Date 22 May 2008
    4958
    Posted By LinuxSecurity Advisories
    Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. These weaknesses allow an attacker to overflow heap buffers and potentially execute arbitrary code by supplying a maliciously crafted file of those types.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1586-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                           Devin Carraway
    May 22, 2008                          https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : xine-lib
    Vulnerability  : multiple
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1482 CVE-2008-1686 CVE-2008-1878
    
    Multiple vulnerabilities have been discovered in xine-lib, a library
    which supplies most of the application functionality of the xine
    multimedia player.  The Common Vulnerabilities and Exposures project
    identifies the following three problems:
    
    CVE-2008-1482
    
        Integer overflow vulnerabilities exist in xine's FLV, QuickTime,
        RealMedia, MVE and CAK demuxers, as well as the EBML parser used
        by the Matroska demuxer.  These weaknesses allow an attacker to
        overflow heap buffers and potentially execute arbitrary code by
        supplying a maliciously crafted file of those types.
    
    CVE-2008-1686
    
        Insufficient input validation in the Speex implementation used
        by this version of xine enables an invalid array access and the
        execution of arbitrary code by supplying a maliciously crafted
        Speex file.
    
    CVE-2008-1878
    
        Inadequate bounds checking in the NES Sound Format (NSF) demuxer
        enables a stack buffer overflow and the execution of arbitrary
        code through a maliciously crafted NSF file.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.1.2+dfsg-7.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.1.12-2.
    
    We recommend that you upgrade your xine-lib packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
        Size/MD5 checksum:  6716994 ae6525a76280a6e1979c3f4f89fd00f3
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.diff.gz
        Size/MD5 checksum:    32397 9ef42da73934e6a981151549e97fd396
      https://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.dsc
        Size/MD5 checksum:     1585 b0949db5082a590b1afa4f477005f79f
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_alpha.deb
        Size/MD5 checksum:  3410964 35526481cc816fad2d5692b33f4a3577
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_alpha.deb
        Size/MD5 checksum:   118604 cfc8a8c900bd1182b3faddfeb09eba84
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_alpha.deb
        Size/MD5 checksum:  3665492 49adcd016edc53b96bbc028bc3e428ae
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_amd64.deb
        Size/MD5 checksum:   117506 f8305c6e72d9fd2a25cb7b144e0d696d
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_amd64.deb
        Size/MD5 checksum:  3050404 b94199ba7a4a578db7eb0eefa42b725c
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_amd64.deb
        Size/MD5 checksum:  3660324 635669edb747900be1b17a17dba1f564
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_arm.deb
        Size/MD5 checksum:   118774 052c7ceae25865180a966f6e9e4eb573
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_arm.deb
        Size/MD5 checksum:  2959500 bb1f326f6451a5681c592a56734b30da
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_arm.deb
        Size/MD5 checksum:  2668528 19d061e0cc24b1bf935607207bc8c638
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_hppa.deb
        Size/MD5 checksum:  3225530 ac2abcd37fe278b730a7a52db4690e2c
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_hppa.deb
        Size/MD5 checksum:   119646 5190a9fd4691a7523f1ae2734d81691f
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_hppa.deb
        Size/MD5 checksum:  2697042 ea3479f6dc14ed23f90fbb653ea714aa
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_i386.deb
        Size/MD5 checksum:   117466 6bd9177c7a51abe868c0c4f4dfb1b6d7
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_i386.deb
        Size/MD5 checksum:  3967634 5a85d97914a5bcb3033e8d3eaec4af4b
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_i386.deb
        Size/MD5 checksum:  3350218 88382dafa93891b720985435619e1bee
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_ia64.deb
        Size/MD5 checksum:  3765616 e38586e9ef6c7b1997679198cc263b9f
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_ia64.deb
        Size/MD5 checksum:  2685148 2bbd6abfaa59b6d5d238916e1fe588c1
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_ia64.deb
        Size/MD5 checksum:   117500 c6038901ade50caa3a84254f51b43081
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_mips.deb
        Size/MD5 checksum:  3036512 2e2b54ad4b4b45715528981791ce85c6
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_mips.deb
        Size/MD5 checksum:  2844538 03835764ba28aa277cf33b994ac2c515
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_mips.deb
        Size/MD5 checksum:   119386 292683637eeb0e0922516c27069b0a4a
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_mipsel.deb
        Size/MD5 checksum:  3017710 0fd6b63681e496817a5a741b942b3642
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_mipsel.deb
        Size/MD5 checksum:  2788988 e9bc0450d264dfc9f3522bc38f27fa61
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_mipsel.deb
        Size/MD5 checksum:   117528 656913c22767f942ea3ef2f8ad0edc80
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_powerpc.deb
        Size/MD5 checksum:  3719568 4bf9a41390aa91305a7de075d8d2c52a
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_powerpc.deb
        Size/MD5 checksum:  3209842 ee37b66a198c890770fcda734e30fab8
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_powerpc.deb
        Size/MD5 checksum:   117512 e952851e820d0634de013e598c61c432
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_s390.deb
        Size/MD5 checksum:  3173064 c1210b83707d76a4256c42393ef1e2d4
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_s390.deb
        Size/MD5 checksum:  2719306 125a96fd91fc8cf88c69280500230e0e
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_s390.deb
        Size/MD5 checksum:   117502 babe974673968538886456d4f5345cce
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_sparc.deb
        Size/MD5 checksum:  3025332 591637b97267686c199c074ce3e92aba
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_sparc.deb
        Size/MD5 checksum:   117520 f3b076031d34e283445c27fcb9031e63
      https://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_sparc.deb
        Size/MD5 checksum:  3369250 d8e3d16b7c014187398029cf2e75f0da
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"13","type":"x","order":"1","pct":65,"resources":[]},{"id":"121","title":"No ","votes":"7","type":"x","order":"2","pct":35,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.