LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 29th, 2014
Linux Security Week: August 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: xine-lib vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.
=========================================================== 
Ubuntu Security Notice USN-392-1          December 04, 2006
xine-lib vulnerability
CVE-2006-6172
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libxine1c2                               1.0.1-1ubuntu10.7

Ubuntu 6.06 LTS:
  libxine-main1                            1.1.1+ubuntu2-7.5

Ubuntu 6.10:
  libxine1                                 1.1.2+repacked1-0ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow was discovered in the Real Media input plugin in 
xine-lib.  If a user were tricked into loading a specially crafted 
stream from a malicious server, the attacker could execute arbitrary 
code with the user's privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.diff.gz
      Size/MD5:    11946 ea5e6e40994f219ea88ee46def12b536
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1-1ubuntu10.7.dsc
      Size/MD5:     1187 2a4db66f12bce54bfa453e49c4cec531
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_amd64.deb
      Size/MD5:   109216 0130ccfcc467dfd0bd25886db806c377
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_amd64.deb
      Size/MD5:  3611828 233e2ab263ec680c67b794d0689d27ee

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_i386.deb
      Size/MD5:   109210 f2a3fdf298acaa78b74bec58a7090d53
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_i386.deb
      Size/MD5:  4005142 576a8b340ba09c9241a018ab46cf44e4

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_powerpc.deb
      Size/MD5:   109230 2719c275e06f4215d7f1b36900ca6411
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_powerpc.deb
      Size/MD5:  3850402 ff0041a720565876bce10d7a250c1469

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0.1-1ubuntu10.7_sparc.deb
      Size/MD5:   109224 b628e6801a7c0def40d01234a547b07e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1c2_1.0.1-1ubuntu10.7_sparc.deb
      Size/MD5:  3695786 55a326fd10cc11aed4bdf090b4fdb3fb

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.diff.gz
      Size/MD5:    19624 bc3bcd25cd87d3acc5cc5b0d2491944c
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.5.dsc
      Size/MD5:     1113 f5cf8751705551296683836d779341f1
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
      Size/MD5:  6099365 5d0f3988e4d95f6af6f3caf2130ee992

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_amd64.deb
      Size/MD5:   115738 773156901500dd6cdc71738a04545704
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_amd64.deb
      Size/MD5:  2615152 023384da81522f625b2f774b9dc66ea8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_i386.deb
      Size/MD5:   115744 2690e4f3c56f99d984da7ca0d1bf684c
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_i386.deb
      Size/MD5:  2934258 1e93778bed32747a3b2cffe2b4d641b7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_powerpc.deb
      Size/MD5:   115746 8f9e092f5ef63abc10e23dc4b611f965
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_powerpc.deb
      Size/MD5:  2724898 f144069c4a0f87595b432c8911a1948a

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.5_sparc.deb
      Size/MD5:   115746 c4c2748bc59648ebd54764339eb01801
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.5_sparc.deb
      Size/MD5:  2591670 6fb14b10541e18b84757888994abcfc4

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.diff.gz
      Size/MD5:    71320 7cd3d7f480eb049e33e6c98bd12dcf53
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1-0ubuntu3.2.dsc
      Size/MD5:     1445 cc9290432a85b3b4a4f189b264f71083
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.2+repacked1.orig.tar.gz
      Size/MD5:  4583422 9c05a6397838e4e2e9c419e898e4b930

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine-main1_1.1.2+repacked1-0ubuntu3.2_all.deb
      Size/MD5:    38946 8120c98e3303e118da3bcc72b17c3555

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_amd64.deb
      Size/MD5:   118880 d255df065d3f0a4dfdb41fd052002c1b
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_amd64.deb
      Size/MD5:  3442784 3a397cd06f001294e87c8a643224e01d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_amd64.deb
      Size/MD5:  2914488 a214c7af8d360dfd2c198e6ae1213956

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_i386.deb
      Size/MD5:   118874 c9314715a8361ffc0046e981abc49172
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_i386.deb
      Size/MD5:  3771764 7e3a534a4ea98ac065dec40376dcc520
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_i386.deb
      Size/MD5:  3221924 b86497b00c1b4cbad1889aa102ffb779

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
      Size/MD5:   118888 822c79d2879d62a3119dd5a37bda2df4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
      Size/MD5:  3469392 65d938ff9c114b436f9bb2df81da2a9f
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_powerpc.deb
      Size/MD5:  3043066 280e1c942fb7ee3a66117342f848bcb2

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.2+repacked1-0ubuntu3.2_sparc.deb
      Size/MD5:   118888 1b3224f90d39958a411b23c841d788bb
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.2+repacked1-0ubuntu3.2_sparc.deb
      Size/MD5:  3136330 10a0a1e2261b098fc597c51307a596d9
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.2+repacked1-0ubuntu3.2_sparc.deb
      Size/MD5:  2856892 9ba9c8b97177549067dd73631c49430c

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
How Cops and Hackers Could Abuse California’s New Phone Kill-Switch Law
Why Russian hackers are beating us
DQ Breach? HQ Says No, But Would it Know?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.