===========================================================
Ubuntu Security Notice USN-433-1             March 09, 2007
xine-lib vulnerability
CVE-2007-1246
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libxine1c2                               1.0.1-1ubuntu10.8

Ubuntu 6.06 LTS:
  libxine-main1                            1.1.1+ubuntu2-7.6

Ubuntu 6.10:
  libxine1                                 1.1.2+repacked1-0ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Moritz Jodeit discovered that the DMO loader of Xine did not correctly 
validate the size of an allocated buffer.  By tricking a user into 
opening a specially crafted media file, an attacker could execute 
arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.10:

  Source archives
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.06 LTS:

  Source archives
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.10:

  Source archives
  Architecture independent packages
  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  i386 architecture (x86 compatible Intel/AMD)
  powerpc architecture (Apple Macintosh G3/G4/G5)
  sparc architecture (Sun SPARC/UltraSPARC)


Ubuntu: Xine vulnerability USN-433-1

March 8, 2007