User: Password:
Subscribe / Log in / New account

Ubuntu alert USN-315-1 (libmms, xine-lib)

From:  Martin Pitt <>
Subject:  [USN-315-1] libmms, xine-lib vulnerabilities
Date:  Wed, 12 Jul 2006 17:56:32 +0200

=========================================================== Ubuntu Security Notice USN-315-1 July 12, 2006 libmms, xine-lib vulnerabilities =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libxine1 1.0-1ubuntu3.8 Ubuntu 5.10: libmms0 0.1-0ubuntu1.2 libxine1c2 1.0.1-1ubuntu10.4 Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Matthias Hopf discovered several buffer overflows in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could exploit this to execute arbitrary code with the user's privileges. The Xine library contains an embedded copy of libmms, and thus needs the same security update. Updated packages for Ubuntu 5.04: Source archives: Size/MD5: 5811 6a41fae784ef1516888d20a8ec08c663 Size/MD5: 1070 9880832522e9ec56d035abe93b4e2471 Size/MD5: 7384258 96e5195c366064e7778af44c3e71f43a amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 106922 2b8375b1f380d86fcf366a18d1f3b902 Size/MD5: 3567630 d752e90e7d26650aea95d367dcf84790 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 106932 d95e46c206ca84e80a98e01ad404ef71 Size/MD5: 3750548 743fae494abdd778263762de0100a7c9 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 106944 2719a6a92c6e4cbbbd884ecdbfe7122e Size/MD5: 3925764 979cd9f6ba73ae35cdce5a965f3068a9 Updated packages for Ubuntu 5.10: Source archives: Size/MD5: 5750 26bc4a3aa10f4c803fa97f9544ecd0bc Size/MD5: 607 592210915bc702a6d9e94ecfe0711fa7 Size/MD5: 317089 ebd88537af9875265e41ee65603ecd1a Size/MD5: 10600 1e73a41d99fb1fb4b2eddb43895caeac Size/MD5: 1189 9f04d287f5ba301eaf6fd2f9e066e3ae Size/MD5: 7774954 9be804b337c6c3a2e202c5a7237cb0f8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 19984 21d4c0a07f60aeb1550f198722d9ec99 Size/MD5: 16360 bf82acc8e708dbf4605fb6be016e0e40 Size/MD5: 108948 92beceb19f7806a47992ca8d6fcb5c9c Size/MD5: 3611402 24bcea7ae2e5a4b5776213fd551851f8 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 18312 bbe36a4ac6b616c24be2c7417a44bf26 Size/MD5: 15116 0ed843f14b406370a7a2426ba5c8f459 Size/MD5: 108956 2c9357c05d883747cb7c1c8218e7a257 Size/MD5: 4004566 a6eadc42261b15feb9aaaf9a516edaca powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 20550 88be072a4d9968f6a758d20fba33fb81 Size/MD5: 18054 ecafbce4e2a05da7adacd1b8a716f614 Size/MD5: 108966 d29c1cdfad3738f47441a25be906f7b3 Size/MD5: 3849922 360cf1cbe7d3188a64c371734b2e1f73 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 20194 d4a2b3a78581779856656d9d0613d7bd Size/MD5: 16508 9c210d92de01363a6ea9e37f5728f7a9 Size/MD5: 108972 e28a162c5dc38955bea35bdf69101d08 Size/MD5: 3695506 e0113a7af33228a79f4f1439f7ec9c3d Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 18634 6ac5ed28ef6bec0091a5febc5e40db8a Size/MD5: 1115 8d62a6c7dc5904bb75c013b07864203d Size/MD5: 6099365 5d0f3988e4d95f6af6f3caf2130ee992 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 115520 4a424ffcb5eb8e99f1f4656e5a68f980 Size/MD5: 2614906 607d5b21edde0264b69edf200f6221a4 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 115526 a151a6d291e2cbc73245b7c6d0c9ca8e Size/MD5: 2933994 a6d1202077f5df87ddde0492fb782945 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 115532 ab63a178081fc483865a96129fc14351 Size/MD5: 2724624 1f29b24069707f1bc2c6b3fad7bfa92e sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 115536 5713fb50b7d4b6cdc0e8ee83855e22f8 Size/MD5: 2591402 8bcbbf3ca6e56a52274126cab5e3c846 -- ubuntu-security-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds