=========================================================== 
Ubuntu Security Notice USN-445-1             March 27, 2007
xmms vulnerabilities
CVE-2007-0653, CVE-2007-0654
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  xmms                                     1.2.10+cvs20050209-2ubuntu2.1

Ubuntu 6.06 LTS:
  xmms                                     1.2.10+cvs20050809-4ubuntu5.1

Ubuntu 6.10:
  xmms                                     1.2.10+cvs20060429-1ubuntu2.1

After a standard system upgrade you need to restart XMMS or reboot your 
computer to effect the necessary changes.

Details follow:

Sven Krewitt of Secunia Research discovered that XMMS did not correctly 
handle BMP images when loading GUI skins.  If a user were tricked into 
loading a specially crafted skin, a remote attacker could execute 
arbitrary code with user privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

          Size/MD5:   333129 72ef83d4f52b41558ed91841ddb3b981
          Size/MD5:     1045 8b3d745ea4c9fc0e1db52d015c5613c3
          Size/MD5:  2796215 ec03ce185b2fd255d58ef5d2267024eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:    38878 02123da5ed2da81adcaf8b3dd1380506
          Size/MD5:  1095122 5dd89b588b95cc209fb044390efe5289

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:    32860 b49614977d707df3753028dbac5e7d27
          Size/MD5:  1001796 d8a97ce8caae0d71701a4b884e5970bb

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:    38072 0db4136bbeaa8a3ff7f387a2f6320c07
          Size/MD5:  1133132 93cf5da1ff18a848d854029ad9ec2696

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:    34968 140189e295996eee72023777d137066f
          Size/MD5:  1062062 d1775f3f095dc03a37ab9ded4b768c6f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   191006 337e790c81d113b8385da0d649123f0e
          Size/MD5:      980 a3934c8b60f5810560c2073026f2172e
          Size/MD5:  2798937 f60b948a5394a69b04195c22c9c75a89

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:    38904 de7338cb9e157756a1475f16d1de3d3f
          Size/MD5:  1158938 4f0d080b8aa8732f674a2cfe6c97b1d2

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:    32946 16d93ac5daa9da11d4f7dc80dcaea4e9
          Size/MD5:  1052896 aad130a721051fc69c8a9a6643832019

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:    38012 99027515643537182a3e8910945b960b
          Size/MD5:  1193394 521f3148224f6f96643faf5ab7d96506

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:    35108 8cc7b915ee91b2020d144e3358052d50
          Size/MD5:  1127786 3ec068038288108506ee3767cd41cd59

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:   194003 36a8a27753ac35ce35d76697a272855b
          Size/MD5:      992 d97a5a09fc238c29c59b8b233644df99
          Size/MD5:  6124267 15710911fae50a8a986b10be07c1951f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:    39202 848a0574bed3305350e4d71f4f11857d
          Size/MD5:  1219410 50ab3c73a23647f57a3b6748c4c2c1b0

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:    33784 1e15c6b47b7287153bd7dd729c165613
          Size/MD5:  1110970 321668eae4d53449f1269116540bc7ca

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:    38034 9a1bbb7aaa9b23337d0bc093ae461ef6
          Size/MD5:  1322454 e124ffd6707b35afb141573b638aaaa4

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:    35460 72bef6d6e03c9009043badb9db627101
          Size/MD5:  1191882 491d7e1c78a200d57e7d51cc2b51a0ed

Ubuntu: XMMS vulnerabilities

March 27, 2007
Sven Krewitt of Secunia Research discovered that XMMS did not correctly handle BMP images when loading GUI skins

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-445-1 March 27, 2007

Package Information

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved