Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in ffmpeg-xine-lib
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in ffmpeg-xine-lib
ID: USN-230-2
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10
Datum: Fr, 16. Dezember 2005, 13:56
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
Applikationen: Xine

Originalnachricht


--===============1401213845==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="y0ulUmNC+osPPQO6"
Content-Disposition: inline


--y0ulUmNC+osPPQO6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-230-2 December 16, 2005
xine-lib vulnerability
CVE-2005-4048
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libxine1
libxine1c2

The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu
5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.

For reference, this is the original advisory:

Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.


Updated packages for Ubuntu 4.10:

Source archives:

xine-lib_1-rc5-1ubuntu2.4.dsc
Size/MD5: 950 0b0865913672df5c80783279f471bf66
xine-lib_1-rc5-1ubuntu2.4.diff.gz
Size/MD5: 222131 bf99e51c425cfdbac9b6c76e17504ed6

i386 architecture (x86 compatible Intel/AMD)

libxine-dev_1-rc5-1ubuntu2.4_i386.deb
Size/MD5: 101724 195cb67c660bc24a63991c3e69ec381e
libxine1_1-rc5-1ubuntu2.4_i386.deb
Size/MD5: 3729248 596d1f0437b94625ab38770f1086a03e

powerpc architecture (Apple Macintosh G3/G4/G5)

libxine1_1-rc5-1ubuntu2.4_powerpc.deb
Size/MD5: 3886766 1635110e5c74867f1657aacf8ff0e09a
libxine-dev_1-rc5-1ubuntu2.4_powerpc.deb
Size/MD5: 101728 e2960b0070421b8ef2be3f9ee40f6528

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libxine1_1-rc5-1ubuntu2.4_amd64.deb
Size/MD5: 3543532 82f8b13cd4cf2fc51f6d90a64ad214b4
libxine-dev_1-rc5-1ubuntu2.4_amd64.deb
Size/MD5: 101722 0bb5d4a49d5f04f680dd1a38c5790191

Updated packages for Ubuntu 5.04:

Source archives:

xine-lib_1.0-1ubuntu3.6.diff.gz
Size/MD5: 4401 f6a606d82d9379f6bb6fdf4c0f9e4cb3
xine-lib_1.0-1ubuntu3.6.dsc
Size/MD5: 1070 1fae1b7df974523161bcc5e90bb47912
xine-lib_1.0.orig.tar.gz
Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libxine-dev_1.0-1ubuntu3.6_amd64.deb
Size/MD5: 106758 9ce395434edc4bbc07151e13cc018b93
libxine1_1.0-1ubuntu3.6_amd64.deb
Size/MD5: 3567328 45842025ea2de6efdcb07276a78f03ed

i386 architecture (x86 compatible Intel/AMD)

libxine-dev_1.0-1ubuntu3.6_i386.deb
Size/MD5: 106756 e3ed2f29ec5d37f37b238c5d43140bd9
libxine1_1.0-1ubuntu3.6_i386.deb
Size/MD5: 3750250 8df1800276d5e9ba8710c726d511e331

powerpc architecture (Apple Macintosh G3/G4/G5)

libxine-dev_1.0-1ubuntu3.6_powerpc.deb
Size/MD5: 106780 f3310108f59d253cc7c97a2ccdafce95
libxine1_1.0-1ubuntu3.6_powerpc.deb
Size/MD5: 3925408 4801437ecc43845c7096d03c0e8a110d

Updated packages for Ubuntu 5.10:

Source archives:

xine-lib_1.0.1-1ubuntu10.2.diff.gz
Size/MD5: 9220 fa3727a5c30b96fa30214b74901f9b37
xine-lib_1.0.1-1ubuntu10.2.dsc
Size/MD5: 1186 b12c0731582c9ac6016af90a6758b222
xine-lib_1.0.1.orig.tar.gz
Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libxine-dev_1.0.1-1ubuntu10.2_amd64.deb
Size/MD5: 108796 fe4af1d1d64655076434bac4bd4e6121
libxine1c2_1.0.1-1ubuntu10.2_amd64.deb
Size/MD5: 3610978 7fccf1da401ca96a9552b9ba54818919

i386 architecture (x86 compatible Intel/AMD)

libxine-dev_1.0.1-1ubuntu10.2_i386.deb
Size/MD5: 108800 c2ee1c0f1f316bc2aea565fcdf085088
libxine1c2_1.0.1-1ubuntu10.2_i386.deb
Size/MD5: 4003584 927c4619ca803b02b344d2b0f2fa7c80

powerpc architecture (Apple Macintosh G3/G4/G5)

libxine-dev_1.0.1-1ubuntu10.2_powerpc.deb
Size/MD5: 108814 8fc0d0ff3d7465e88158509aea0c6a89
libxine1c2_1.0.1-1ubuntu10.2_powerpc.deb
Size/MD5: 3849320 edbcca0353f5da1a2e76e6d2fba85d92

--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoramDecnbV4Fd/IRArhWAJ4kX+ormJVjvaPVeI300LWpHTUiFACePrJn
jaTH4BUc/fktuNk4zfJ4J6Y=
=lROE
-----END PGP SIGNATURE-----

--y0ulUmNC+osPPQO6--


--===============1401213845==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1401213845==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung