=========================================================== Ubuntu Security Notice USN-123-1 May 06, 2005 xine-lib vulnerabilities CAN-2005-1195 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: libxine1 The problem can be corrected by upgrading the affected package to version 1-rc5-1ubuntu2.2 (for Ubuntu 4.10) and 1.0-1ubuntu3.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user to connect to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute arbitrary code with the privileges of the player application. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.diff.gz Size/MD5: 220602 e22a91dd6602a778a456ac4e75d14a67 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.2.dsc Size/MD5: 950 484c40b9a1e254d52f8c2078566cc1c1 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5.orig.tar.gz Size/MD5: 7052663 703c3e68d60524598d4d9e527fe38286 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_amd64.deb Size/MD5: 101412 224c971e640f01ca72dc2dac17e15916 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_amd64.deb Size/MD5: 3543166 8d2ca25c0e9d364d5a2e4dedf63fba0c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_i386.deb Size/MD5: 101406 0cf03b13b797703d594f68d7636138de http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_i386.deb Size/MD5: 3728804 27dc0b4c3fccefd1f03caa42e4dc6266 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.2_powerpc.deb Size/MD5: 101412 931d76d961bc60ce74514348524958e5 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.2_powerpc.deb Size/MD5: 3886674 b70a0603c57ad8b2ac977bdea6f9ff9f Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.diff.gz Size/MD5: 2763 a949659041b75d077a5605c5496bfd80 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.dsc Size/MD5: 1070 dffb73537640298a5ba352f4c15f30b4 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.orig.tar.gz Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_amd64.deb Size/MD5: 106364 9ed4670b90056b5983ebe4f4bec06521 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_amd64.deb Size/MD5: 3566834 f79dfbbf98c7964f23a6f3e2c71a61c3 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_i386.deb Size/MD5: 106362 6cdbdc86a2dbe46bfba98e34078ef29d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_i386.deb Size/MD5: 3749688 f0c5bc4161e13a973b39a86138cffa5d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1_powerpc.deb Size/MD5: 106360 0d202d05bcd13bebe3518d5c61216b02 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1_powerpc.deb Size/MD5: 3924810 86ec380434aaab8bbd6f34c101f25a83