English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

===========================================================
Ubuntu Security Notice USN-196-1    October 10, 2005
xine-lib vulnerability
CAN-2005-2337
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libxine1

The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.3 (for Ubuntu 4.10), or 1.0-1ubuntu3.1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Ulf Harnhammar discovered a format string vulnerability in the CDDB
module's cache file handling in the Xine library, which is
used by packages such as xine-ui, totem-xine, and gxine.

By tricking an user into playing a particular audio CD which has a
specially-crafted CDDB entry, a remote attacker could exploit this
vulnerability to execute arbitrary code with the privileges of the
user running the application. Since CDDB servers usually allow anybody
to add and modify information, this exploit does not even require a
particular CDDB server to be selected.

Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.3.dsc
      Size/MD5:  950 e8b459976c246115ffdf0a7c70d33afd
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1-rc5-1ubuntu2.3.diff.gz
      Size/MD5:  220802 9a09fc5be2e6ffe4ad25d7409d539dad

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.3_i386.deb
      Size/MD5:  101504 0e2537474f53e72cf03635aee9640188
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.3_i386.deb
      Size/MD5:  3728856 d3777d7d0f85dd619659621af0687a9a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.3_powerpc.deb
      Size/MD5:  3886682 16ab4ff1d009bf1129095711e6d6fbb4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.3_powerpc.deb
      Size/MD5:  101518 5f4f1c57df84f66601bf7274a807389e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1-rc5-1ubuntu2.3_amd64.deb
      Size/MD5:  3543224 9193b24e44f9526e9e89fa9269882866
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1-rc5-1ubuntu2.3_amd64.deb
      Size/MD5:  101510 4eeab16d35e134dc15c7b67900ecf656

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.1.diff.gz
      Size/MD5:  2908 194be64a79278caf503b65ddd1fc7968
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.0-1ubuntu3.1.1.dsc
      Size/MD5:  1074 a0c124cb02ca58cd36776afb07d724b1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1.1_i386.deb
      Size/MD5:  3749742 8bb6e5a242160ac1c71d2c7a7e68d5f2
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1.1_i386.deb
      Size/MD5:  106424 56a85d1ee4c7f60b0d8c372de2d02a6f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1.1_powerpc.deb
      Size/MD5:  106432 e5b89ac536f1ed4650cf792a6d38fc01
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1.1_powerpc.deb
      Size/MD5:  3924858 aca067a3b3c66af4f7b88cd1e29474dc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.0-1ubuntu3.1.1_amd64.deb
      Size/MD5:  3566960 f950cef43d0afead3e545cd3fd7df20b
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.0-1ubuntu3.1.1_amd64.deb
      Size/MD5:  106428 852bc6677a089f66677441749cf02b88

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.