LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 15th, 2014
Linux Security Week: September 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: GStreamer Good Plugins vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
=========================================================== 
Ubuntu Security Notice USN-611-3               May 08, 2008
gst-plugins-good0.10 vulnerability
CVE-2008-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gstreamer0.10-plugins-good      0.10.3-0ubuntu4.1

Ubuntu 7.04:
  gstreamer0.10-plugins-good      0.10.5-1ubuntu2.1

Ubuntu 7.10:
  gstreamer0.10-plugins-good      0.10.6-0ubuntu4.1

Ubuntu 8.04 LTS:
  gstreamer0.10-plugins-good      0.10.7-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for GStreamer Good Plugins.

Original advisory details:

 It was discovered that Speex did not properly validate its input when
 processing Speex file headers. If a user or automated system were
 tricked into opening a specially crafted Speex file, an attacker could
 create a denial of service in applications linked against Speex or
 possibly execute arbitrary code as the user invoking the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.3-0ubuntu4.1.diff.gz
      Size/MD5:    26587 c28ee0b276b139cd95e08219eae0dfdd
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.3-0ubuntu4.1.dsc
      Size/MD5:     1463 45c1fd3b8ce3651c4abad741ef80f6c1
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.3.orig.tar.gz
      Size/MD5:  1782808 bfac20228cf6e9317a371a5f36feb8ae

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.3-0ubuntu4.1_all.deb
      Size/MD5:    75038 76c0d219af78c0581ddb03f6b6f16288

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_amd64.deb
      Size/MD5:    32904 258a2047bf718e6e2c4a8ed9156c7352
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_amd64.deb
      Size/MD5:  1670156 6a5b2fa48033860308edcb371f58f683
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_amd64.deb
      Size/MD5:   643072 0eebc1c15a8bf2b568aa946d91b76481

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_i386.deb
      Size/MD5:    32292 8196fe571b62164caf93daf94c5fd4f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_i386.deb
      Size/MD5:  1523910 634e36dba05f1713cb2faaf393045af2
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_i386.deb
      Size/MD5:   576984 bd0da0cc976240889a2f87f13cf92a62

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_powerpc.deb
      Size/MD5:    34552 8aae4fe1ead8f621db226cebf49e4356
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_powerpc.deb
      Size/MD5:  1705072 7e123a29b809facd93b51cbecaff0343
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_powerpc.deb
      Size/MD5:   699600 e99fbd684d1ae78030f328d32d20a8d8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.3-0ubuntu4.1_sparc.deb
      Size/MD5:    32796 bff921c3ce7989d620a8459e45969421
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.3-0ubuntu4.1_sparc.deb
      Size/MD5:  1546334 a66846506ae701840f9b300d76c83168
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.3-0ubuntu4.1_sparc.deb
      Size/MD5:   618960 8a763568d01e8e8550142cc9f79d6938

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.5-1ubuntu2.1.diff.gz
      Size/MD5:    21340 f01a982544378a6c557c047bb77ab244
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.5-1ubuntu2.1.dsc
      Size/MD5:     1633 fe155ca188fa0b07447acd299cfd5ac3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.5.orig.tar.gz
      Size/MD5:  2070821 c28c334037d73dd79efd7550fe3e6001

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.5-1ubuntu2.1_all.deb
      Size/MD5:    95388 93f35bb9206ff4ea33950f221d08e0e0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_amd64.deb
      Size/MD5:    38132 9c03502fddae3db99c0d782a51ea9bcf
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_amd64.deb
      Size/MD5:  1937856 82eecb005419b8eefae5d7daeaca83e9
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_amd64.deb
      Size/MD5:   725752 4ef7781a8cce07669fed638678e5edf2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_i386.deb
      Size/MD5:    37906 b323df18724846d81da4f55afc65a4d2
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_i386.deb
      Size/MD5:  1837014 df4818adf02517cd50f483a0c8ac63f1
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_i386.deb
      Size/MD5:   676274 21e5abb6fa53b82ce49533ef41fd8b8c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_powerpc.deb
      Size/MD5:    38886 3198a0d9789c6a2b31741477423a64c6
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_powerpc.deb
      Size/MD5:  1955710 4dbf717c9342620e141caf375115c6d9
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_powerpc.deb
      Size/MD5:   767834 b693df406bc38f521ef824829b117457

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.5-1ubuntu2.1_sparc.deb
      Size/MD5:    38102 296bccc5ee42f283fef5d8e69a56b7c3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.5-1ubuntu2.1_sparc.deb
      Size/MD5:  1822102 c2b7fa56757d93940ce519338f5a9528
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.5-1ubuntu2.1_sparc.deb
      Size/MD5:   702034 26f832b931d99c939692da1d6c815832

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6-0ubuntu4.1.diff.gz
      Size/MD5:    66980 83755cd8268384715d4e79c0dadad0c3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6-0ubuntu4.1.dsc
      Size/MD5:     1735 0aec0c6b155f8abe72e53661aa085918
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.6.orig.tar.gz
      Size/MD5:  2414361 8cae6351d3b5739104fbc9822eedff79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.6-0ubuntu4.1_all.deb
      Size/MD5:   108484 c32d287c32fe20320d72e85baad6cda7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_amd64.deb
      Size/MD5:    41398 fbcd8aad68b3f09ad059d826dda71bf3
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_amd64.deb
      Size/MD5:  2275126 7db2247b64e5450eb6d621bb1e032441
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_amd64.deb
      Size/MD5:   887380 7218d3007ee4276c5ca1d6188d76587f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_i386.deb
      Size/MD5:    41032 02fc3bb4a14c8e65ac352ca8603188e7
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_i386.deb
      Size/MD5:  2191236 5e63077c66c8c31e870a937fb4328e76
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_i386.deb
      Size/MD5:   831112 0edc092d8ade9d24f13a6f8a047c98ce

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_lpia.deb
      Size/MD5:    40858 e91f1b91cc525dcabe042ff44f630688
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_lpia.deb
      Size/MD5:  2280944 cf5e2e599f6ccfc620102e13944fddb9
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_lpia.deb
      Size/MD5:   814556 f09b29051e35370dd6d4bb700e571250

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_powerpc.deb
      Size/MD5:    42100 618d4e53fed3b843887f32193118b294
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_powerpc.deb
      Size/MD5:  2316016 1e34b945d00bc9071dbafceb4452e6e9
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_powerpc.deb
      Size/MD5:   940724 b3696538b218ab60d1a3c22fa54b3543

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.6-0ubuntu4.1_sparc.deb
      Size/MD5:    41290 9e057a7a98aab9756649a40cf26038c5
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.6-0ubuntu4.1_sparc.deb
      Size/MD5:  2158886 7f9ca30293540d08026cfd66ed1cc8a5
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.6-0ubuntu4.1_sparc.deb
      Size/MD5:   869388 85474c31b8d1f128f5077210023ec22b

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7-3ubuntu0.1.diff.gz
      Size/MD5:    26063 f789d0115e0cc19453e3d096cb383c52
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7-3ubuntu0.1.dsc
      Size/MD5:     2069 4862dac7936f34756a2edab1cfe00e53
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.7.orig.tar.gz
      Size/MD5:  2679804 2832ded1d6be0356d77689b6ca1b5f83

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.7-3ubuntu0.1_all.deb
      Size/MD5:   149968 c265e6c51796688a384c8f1ef881f93d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_amd64.deb
      Size/MD5:    44998 93620f1b2476459723abdcb840615d6a
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_amd64.deb
      Size/MD5:  2409630 cfd69cd30e697fdb8fbfeb5285f23989
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_amd64.deb
      Size/MD5:   932962 18d7dadedb46d3364e7cb362c2485017

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_i386.deb
      Size/MD5:    44684 9889cb9ea0330e0c6d2afbf37814881b
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_i386.deb
      Size/MD5:  2314338 8a73f849bf62c6619d37816918a7865c
    http://security.ubuntu.com/ubuntu/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_i386.deb
      Size/MD5:   873074 846a215cad96a4a9c50b3a28f4451572

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_lpia.deb
      Size/MD5:    44500 84aa4a81f6266bd0eaaaca92231898ec
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_lpia.deb
      Size/MD5:  2344148 9c316ad9c0b5eb43387e121e3bd89fdf
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_lpia.deb
      Size/MD5:   859876 d4986caefbd02b780e5eb31ae1f9dc22

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_powerpc.deb
      Size/MD5:    45640 8de3e87763017b90424f0bf348c7b623
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_powerpc.deb
      Size/MD5:  2441410 f25046e5fe500ed03cfaa3cd683b2760
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_powerpc.deb
      Size/MD5:   991944 65b7cc2d20583221910e2cd4bdfab873

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.7-3ubuntu0.1_sparc.deb
      Size/MD5:    44714 5ab724f2993b9aee9e40145bb710cfe5
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.7-3ubuntu0.1_sparc.deb
      Size/MD5:  2280982 9bda887a2ac622b11a5a5bdb39a3f31d
    http://ports.ubuntu.com/pool/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.7-3ubuntu0.1_sparc.deb
      Size/MD5:   904902 1d227c55e7cff2ffb678c65c1e9a09c0



--uMPAU7A2Er6+wvsD
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFII3hnW0JvuRdL8BoRAgP5AJ0YZgEa8Gwb7ZyNKL3ZZCx361V4MACgilsn
RCAoj+SSlPl8v3048PpZc70=/eso
-----END PGP SIGNATURE-----

--uMPAU7A2Er6+wvsD--


--==============73492965279107438=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============73492965279107438==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Infosec geniuses hack a Canon PRINTER and install DOOM
How network virtualization is used as a security tool
Here's What Hackers Can Do With Your CRM Data
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.