Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: GStreamer Base Plugins vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges.
Ubuntu Security Notice USN-735-1             March 16, 2009
gst-plugins-base0.10 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  gstreamer0.10-plugins-base      0.10.21-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 decoding functions in GStreamer Base
Plugins did not properly handle large images in Vorbis file tags. If a user
were tricked into opening a specially crafted Vorbis file, an attacker
could possibly execute arbitrary code with user privileges.

Updated packages for Ubuntu 8.10:

  Source archives:
      Size/MD5:    32114 087761c1ddba86cacb5d3d13890e39c4
      Size/MD5:     2446 776e939b1f7f685f31bfb213ab498f50
      Size/MD5:  2845594 69caf16640ebf2477a9197f62a5d6ee2

  Architecture independent packages:
      Size/MD5:   354980 9f5ca61fa4e5875203752f666c1a9827

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    39630 8de3196ec056dcdc304872a5b6d7a89d
      Size/MD5:    17504 320de292fea8251b2508a2101fe102ff
      Size/MD5:    45050 a9b8dc4cc2f7e6d96e195f05913c40c5
      Size/MD5:  2116530 fc2d7445d6f477ffcf82df58c1e13c49
      Size/MD5:   574980 0561f45b70f0602a27bdca91ee9c9737
      Size/MD5:    75554 b2018f9fb343d0e7c3a63825cfdc218b
      Size/MD5:   296128 abb2d077b1ce2791accefd67f4379f52
      Size/MD5:    57920 29e9dd111a8611f66ed8d0c4dbbdd451

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    35866 98179f92f2c8e9a189e030d5ebae0c2d
      Size/MD5:    15956 d58d756ffd81a82417ffe8ff1a99360d
      Size/MD5:    45084 729ece20541d14597c65bacb4992a8af
      Size/MD5:  2012246 ff9d76f152ddaf49077c064fa3a5cf96
      Size/MD5:   545282 5306637b57c284b7b100b5e376433313
      Size/MD5:    69244 5b3f1c7b3d22d5c228d9b515462d8fa0
      Size/MD5:   275338 da20ab3e25212ec17dee4a0f7a56298a
      Size/MD5:    58476 009ba58fc2cba5aa68778c2bdf30fec0

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    36370 b9d55f4942addff7a22aa7cc9ad9f5fa
      Size/MD5:    15970 5e4c4bd01da1f5d549b42cceb7c504dd
      Size/MD5:    45046 31f74e0feedf06865a15beace52aea87
      Size/MD5:  2050002 4dd4f9600ac6f4b56a1a50e685e11d6d
      Size/MD5:   544594 a60cdc88e5042f36e8f06b9a36b63d60
      Size/MD5:    68992 997db137876106dae7d1cea34e6cd57a
      Size/MD5:   271472 0cca60030f41472a54160131ee0e71e2
      Size/MD5:    57908 971d4cd4a75f4d9f8146839d33d62597

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    39192 1cebf894b76f7c3f37146c0a89db04e0
      Size/MD5:    17736 cd7c22d8bdae65437d7cab295883d3ce
      Size/MD5:    45046 ff9df1bc6dadfe233d556662baf308c1
      Size/MD5:  2141690 20bd1d66bd6cd4c3882c96df44706e03
      Size/MD5:   619900 ac50db0473223cee0fdb75fb2cff68f4
      Size/MD5:    74564 9cad9303ed1f992e419caf79ae9b83bb
      Size/MD5:   307694 b438c6a7d6eeda92689e69a061b19ec4
      Size/MD5:    57922 6946d3b3c1ecbe2fa40f65d46b8c2384

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    36182 0986c414db36aff71c2c608041473086
      Size/MD5:    16170 0b297a7d77455479587e1ac852e7510d
      Size/MD5:    45050 8d1a9a7f2b6d40bb3f4f5b0a6c466681
      Size/MD5:  1940702 96c0b54bb0a3f4f36db68753aad6b468
      Size/MD5:   554774 94e88aa061a26a67d4fb2ccc447904f5
      Size/MD5:    69512 99a67191cd9488ff4bd7b84420ffa414
      Size/MD5:   289030 b1302ea1e9660c9301a0baea78bbc371
      Size/MD5:    57934 4d709ac874b48de220ae56c9f0dd4bd4

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Hackers target unclassified White House network
BYOD: Why the biggest security worry is the fool within rather than the enemy without
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.