Ubuntu: xine-lib vulnerability
Posted by Benjamin D. Thomas   
Ubuntu Security Notice USN-746-1             March 26, 2009
xine-lib vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxine-main1                   1.1.1+ubuntu2-7.11

Ubuntu 7.10:
  libxine1                        1.1.7-1ubuntu1.5

Ubuntu 8.04 LTS:

Ubuntu 8.10:
  libxine1                        1.1.15-0ubuntu3.2

After a standard system upgrade you need to restart applications linked
against xine-lib, such as Totem-xine and Amarok, to effect the necessary

Details follow:

It was discovered that the 4xm demuxer in xine-lib did not correctly handle
a large current_track value in a 4xm file, resulting in an integer
overflow. If a user or automated system were tricked into opening a
specially crafted 4xm movie file, an attacker could crash xine-lib or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-0698)
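
The class of bug described above, as an added illustration (not xine-lib's code or the Ubuntu patch): a file-supplied track index sizes a table, and the size arithmetic wraps unless the index is validated first. The struct layout, function names and the 64-track cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-track record (16 bytes); not xine-lib's real structure. */
typedef struct { uint32_t channels, sample_rate, bits, audio_type; } track_t;
typedef struct { track_t *tracks; uint32_t track_count; } demux_t;

/* Models the unchecked size computation with a 32-bit size_t:
 * (current_track + 1) * sizeof(track_t), truncated to 32 bits. */
uint32_t unchecked_alloc_bytes32(uint32_t current_track) {
    return (current_track + 1u) * (uint32_t)sizeof(track_t);
}

/* Grow the table so index current_track is valid. The index comes from the
 * file, so it is validated before any arithmetic is done on it.
 * Returns 0 on success, -1 if the index is rejected or allocation fails. */
int ensure_track(demux_t *d, uint32_t current_track, uint32_t max_tracks) {
    if (current_track >= max_tracks)      /* cap; also rules out the +1 wrap */
        return -1;
    uint32_t needed = current_track + 1u;
    if (needed <= d->track_count)
        return 0;                         /* already large enough */
    if ((size_t)needed > SIZE_MAX / sizeof(track_t))
        return -1;                        /* byte count would overflow size_t */
    track_t *p = realloc(d->tracks, (size_t)needed * sizeof(track_t));
    if (p == NULL)
        return -1;                        /* old table is still valid */
    memset(p + d->track_count, 0,
           (size_t)(needed - d->track_count) * sizeof(track_t));
    d->tracks = p;
    d->track_count = needed;
    return 0;
}

int main(void) {
    demux_t d = { NULL, 0 };
    /* Constructed sample indices, as a parser would read them from a header. */
    uint32_t samples[] = { 3u, 0x0FFFFFFFu, UINT32_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("index %#x: unchecked bytes=%u, checked=%d\n", (unsigned)samples[i],
               (unsigned)unchecked_alloc_bytes32(samples[i]),
               ensure_track(&d, samples[i], 64u));
    free(d.tracks);
    return 0;
}
```

With the unchecked computation, both large indices yield a zero-byte allocation request while the parser still believes the table holds that many entries; the checked version rejects them before allocating.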

USN-710-1 provided updated xine-lib packages to fix multiple security
vulnerabilities. The security patch to fix CVE-2008-5239 introduced a
regression causing some media files to be unplayable. This update corrects
the problem. We apologize for the inconvenience.

Original advisory details:
 It was discovered that the input handlers in xine-lib did not correctly
 handle certain error codes, resulting in out-of-bounds reads and heap-
 based buffer overflows. If a user or automated system were tricked into
 opening a specially crafted file, stream, or URL, an attacker could
 execute arbitrary code as the user invoking the program. (CVE-2008-5239)

