drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in ffmpeg-xine-lib
Name: |
Pufferüberlauf in ffmpeg-xine-lib |
|
ID: |
USN-230-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Fr, 16. Dezember 2005, 13:56 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048 |
|
Applikationen: |
Xine |
|
Originalnachricht |
--===============1401213845== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6" Content-Disposition: inline
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-230-2 December 16, 2005 xine-lib vulnerability CVE-2005-4048 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libxine1 libxine1c2
The problem can be corrected by upgrading the affected package to version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu 5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine library contains a copy of the ffmpeg code, thus it is vulnerable to the same flaw.
For reference, this is the original advisory:
Simon Kilvington discovered a buffer overflow in the avcodec_default_get_buffer() function of the ffmpeg library. By tricking an user into opening a malicious movie which contains specially crafted PNG images, this could be exploited to execute arbitrary code with the user's privileges.
Updated packages for Ubuntu 4.10:
Source archives:
xine-lib_1-rc5-1ubuntu2.4.dsc Size/MD5: 950 0b0865913672df5c80783279f471bf66 xine-lib_1-rc5-1ubuntu2.4.diff.gz Size/MD5: 222131 bf99e51c425cfdbac9b6c76e17504ed6
i386 architecture (x86 compatible Intel/AMD)
libxine-dev_1-rc5-1ubuntu2.4_i386.deb Size/MD5: 101724 195cb67c660bc24a63991c3e69ec381e libxine1_1-rc5-1ubuntu2.4_i386.deb Size/MD5: 3729248 596d1f0437b94625ab38770f1086a03e
powerpc architecture (Apple Macintosh G3/G4/G5)
libxine1_1-rc5-1ubuntu2.4_powerpc.deb Size/MD5: 3886766 1635110e5c74867f1657aacf8ff0e09a libxine-dev_1-rc5-1ubuntu2.4_powerpc.deb Size/MD5: 101728 e2960b0070421b8ef2be3f9ee40f6528
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libxine1_1-rc5-1ubuntu2.4_amd64.deb Size/MD5: 3543532 82f8b13cd4cf2fc51f6d90a64ad214b4 libxine-dev_1-rc5-1ubuntu2.4_amd64.deb Size/MD5: 101722 0bb5d4a49d5f04f680dd1a38c5790191
Updated packages for Ubuntu 5.04:
Source archives:
xine-lib_1.0-1ubuntu3.6.diff.gz Size/MD5: 4401 f6a606d82d9379f6bb6fdf4c0f9e4cb3 xine-lib_1.0-1ubuntu3.6.dsc Size/MD5: 1070 1fae1b7df974523161bcc5e90bb47912 xine-lib_1.0.orig.tar.gz Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libxine-dev_1.0-1ubuntu3.6_amd64.deb Size/MD5: 106758 9ce395434edc4bbc07151e13cc018b93 libxine1_1.0-1ubuntu3.6_amd64.deb Size/MD5: 3567328 45842025ea2de6efdcb07276a78f03ed
i386 architecture (x86 compatible Intel/AMD)
libxine-dev_1.0-1ubuntu3.6_i386.deb Size/MD5: 106756 e3ed2f29ec5d37f37b238c5d43140bd9 libxine1_1.0-1ubuntu3.6_i386.deb Size/MD5: 3750250 8df1800276d5e9ba8710c726d511e331
powerpc architecture (Apple Macintosh G3/G4/G5)
libxine-dev_1.0-1ubuntu3.6_powerpc.deb Size/MD5: 106780 f3310108f59d253cc7c97a2ccdafce95 libxine1_1.0-1ubuntu3.6_powerpc.deb Size/MD5: 3925408 4801437ecc43845c7096d03c0e8a110d
Updated packages for Ubuntu 5.10:
Source archives:
xine-lib_1.0.1-1ubuntu10.2.diff.gz Size/MD5: 9220 fa3727a5c30b96fa30214b74901f9b37 xine-lib_1.0.1-1ubuntu10.2.dsc Size/MD5: 1186 b12c0731582c9ac6016af90a6758b222 xine-lib_1.0.1.orig.tar.gz Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libxine-dev_1.0.1-1ubuntu10.2_amd64.deb Size/MD5: 108796 fe4af1d1d64655076434bac4bd4e6121 libxine1c2_1.0.1-1ubuntu10.2_amd64.deb Size/MD5: 3610978 7fccf1da401ca96a9552b9ba54818919
i386 architecture (x86 compatible Intel/AMD)
libxine-dev_1.0.1-1ubuntu10.2_i386.deb Size/MD5: 108800 c2ee1c0f1f316bc2aea565fcdf085088 libxine1c2_1.0.1-1ubuntu10.2_i386.deb Size/MD5: 4003584 927c4619ca803b02b344d2b0f2fa7c80
powerpc architecture (Apple Macintosh G3/G4/G5)
libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb Size/MD5: 108814 8fc0d0ff3d7465e88158509aea0c6a89 libxine1c2_1.0.1-1ubuntu10.2_powerpc.deb Size/MD5: 3849320 edbcca0353f5da1a2e76e6d2fba85d92
--y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDoramDecnbV4Fd/IRArhWAJ4kX+ormJVjvaPVeI300LWpHTUiFACePrJn jaTH4BUc/fktuNk4zfJ4J6Y= =lROE -----END PGP SIGNATURE-----
--y0ulUmNC+osPPQO6--
--===============1401213845== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1401213845==--
|
|
|
|