=========================================================== Ubuntu Security Notice USN-392-1 December 04, 2006 xine-lib vulnerability CVE-2006-6172 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: libxine1c2 1.0.1-1ubuntu10.7 Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.5 Ubuntu 6.10: libxine1 1.1.2+repacked1-0ubuntu3.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.diff.gz Size/MD5: 11946 ea5e6e40994f219ea88ee46def12b536 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.dsc Size/MD5: 1187 2a4db66f12bce54bfa453e49c4cec531 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_amd64.deb Size/MD5: 109216 0130ccfcc467dfd0bd25886db806c377 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_amd64.deb Size/MD5: 3611828 233e2ab263ec680c67b794d0689d27ee i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_i386.deb Size/MD5: 109210 f2a3fdf298acaa78b74bec58a7090d53 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_i386.deb Size/MD5: 4005142 576a8b340ba09c9241a018ab46cf44e4 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_powerpc.deb Size/MD5: 109230 2719c275e06f4215d7f1b36900ca6411 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_powerpc.deb Size/MD5: 3850402 ff0041a720565876bce10d7a250c1469 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_sparc.deb Size/MD5: 109224 b628e6801a7c0def40d01234a547b07e http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_sparc.deb Size/MD5: 3695786 55a326fd10cc11aed4bdf090b4fdb3fb Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.diff.gz Size/MD5: 19624 bc3bcd25cd87d3acc5cc5b0d2491944c http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.dsc Size/MD5: 1113 f5cf8751705551296683836d779341f1 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz Size/MD5: 6099365 5d0f3988e4d95f6af6f3caf2130ee992 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_amd64.deb Size/MD5: 115738 773156901500dd6cdc71738a04545704 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_amd64.deb Size/MD5: 2615152 023384da81522f625b2f774b9dc66ea8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_i386.deb Size/MD5: 115744 2690e4f3c56f99d984da7ca0d1bf684c http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_i386.deb Size/MD5: 2934258 1e93778bed32747a3b2cffe2b4d641b7 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_powerpc.deb Size/MD5: 115746 8f9e092f5ef63abc10e23dc4b611f965 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_powerpc.deb Size/MD5: 2724898 f144069c4a0f87595b432c8911a1948a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_sparc.deb Size/MD5: 115746 c4c2748bc59648ebd54764339eb01801 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_sparc.deb Size/MD5: 2591670 6fb14b10541e18b84757888994abcfc4 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.diff.gz Size/MD5: 71320 7cd3d7f480eb049e33e6c98bd12dcf53 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.dsc Size/MD5: 1445 cc9290432a85b3b4a4f189b264f71083 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1.orig.tar.gz Size/MD5: 4583422 9c05a6397838e4e2e9c419e898e4b930 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine-main1_1.1.2+repacked1-0ubuntu3.2_all.deb Size/MD5: 38946 8120c98e3303e118da3bcc72b17c3555 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_amd64.deb Size/MD5: 118880 d255df065d3f0a4dfdb41fd052002c1b http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_amd64.deb Size/MD5: 3442784 3a397cd06f001294e87c8a643224e01d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_amd64.deb Size/MD5: 2914488 a214c7af8d360dfd2c198e6ae1213956 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_i386.deb Size/MD5: 118874 c9314715a8361ffc0046e981abc49172 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_i386.deb Size/MD5: 3771764 7e3a534a4ea98ac065dec40376dcc520 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_i386.deb Size/MD5: 3221924 b86497b00c1b4cbad1889aa102ffb779 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_powerpc.deb Size/MD5: 118888 822c79d2879d62a3119dd5a37bda2df4 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_powerpc.deb Size/MD5: 3469392 65d938ff9c114b436f9bb2df81da2a9f http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_powerpc.deb Size/MD5: 3043066 280e1c942fb7ee3a66117342f848bcb2 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_sparc.deb Size/MD5: 118888 1b3224f90d39958a411b23c841d788bb http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_sparc.deb Size/MD5: 3136330 10a0a1e2261b098fc597c51307a596d9 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_sparc.deb Size/MD5: 2856892 9ba9c8b97177549067dd73631c49430c