===========================================================
Ubuntu Security Notice USN-433-1             March 09, 2007
xine-lib vulnerability
CVE-2007-1246
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libxine1c2                      1.0.1-1ubuntu10.8

Ubuntu 6.06 LTS:
  libxine-main1                   1.1.1+ubuntu2-7.6

Ubuntu 6.10:
  libxine1                        1.1.2+repacked1-0ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Moritz Jodeit discovered that the DMO loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a
user into opening a specially crafted media file, an attacker could
execute arbitrary code with the user's privileges.