==========================================================
Ubuntu Security Notice USN-763-1             April 20, 2009
xine-lib vulnerabilities
CVE-2009-0698, CVE-2009-1274
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxine-main1                   1.1.1+ubuntu2-7.12

Ubuntu 8.04 LTS:
  libxine1                        1.1.11.1-1ubuntu3.4

Ubuntu 8.10:
  libxine1                        1.1.15-0ubuntu3.3

After a standard system upgrade you need to restart applications linked
against xine-lib, such as Totem-xine and Amarok, to effect the necessary
changes.

Details follow:

It was discovered that the QT demuxer in xine-lib did not correctly handle
a large count value in an STTS atom, resulting in a heap-based buffer
overflow. If a user or automated system were tricked into opening a
specially crafted MOV file, an attacker could execute arbitrary code as the
user invoking the program. (CVE-2009-1274)
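
Added example (not xine-lib's code or its patch): a bounds-checked reader for an stts payload, showing the count validation whose absence leads to the overflow class described above. All function and sample names are hypothetical; the layout assumed is the QuickTime stts layout (4 bytes version/flags, a 4-byte big-endian entry count, then 8 bytes per entry).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One time-to-sample entry: a run of samples sharing one duration. */
typedef struct { uint32_t count, duration; } stts_entry;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse the bytes that follow the 8-byte atom header.
 * Returns 0 and a malloc'd table on success, -1 on malformed input. */
int parse_stts(const uint8_t *buf, size_t len, stts_entry **out, uint32_t *n) {
    *out = NULL; *n = 0;
    if (len < 8) return -1;                /* version/flags + count missing */
    uint32_t count = be32(buf + 4);
    /* The declared count must fit in the bytes actually present. Dividing
     * the remaining length avoids computing count * 8, which could wrap. */
    if (count > (len - 8) / 8) return -1;
    if (count == 0) return 0;
    stts_entry *tab = calloc(count, sizeof *tab);
    if (!tab) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 8 + (size_t)i * 8;
        tab[i].count = be32(e);
        tab[i].duration = be32(e + 4);
    }
    *out = tab; *n = count;
    return 0;
}

/* Constructed sample: declares 2 entries and carries 2. */
static const uint8_t SAMPLE_OK[] = {0,0,0,0, 0,0,0,2,
    0,0,0,10, 0,0,4,0,  0,0,0,5, 0,0,2,0};
/* Constructed sample: declares 0x40000000 entries but carries 1. */
static const uint8_t SAMPLE_BAD[] = {0,0,0,0, 0x40,0,0,0, 0,0,0,1, 0,0,0,1};

/* Returns the number of entries parsed, or -1 if the payload is rejected. */
int check(const uint8_t *b, size_t len) {
    stts_entry *t; uint32_t n;
    int r = parse_stts(b, len, &t, &n);
    free(t);
    return r == 0 ? (int)n : -1;
}

int main(void) {
    printf("well-formed: %d\n", check(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversized count: %d\n", check(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```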

USN-746-1 provided updated xine-lib packages to fix multiple security
vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete.
This update corrects the problem.

Original advisory details:
 It was discovered that the 4xm demuxer in xine-lib did not correctly
 handle a large current_track value in a 4xm file, resulting in an integer
 overflow. If a user or automated system were tricked into opening a
 specially crafted 4xm movie file, an attacker could crash xine-lib or
 possibly execute arbitrary code with the privileges of the user invoking
 the program. (CVE-2009-0698)



