Referenced CVEs:
CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244, CVE-2008-5246, CVE-2008-5248
Description:
===========================================================Ubuntu Security Notice USN-710-1 January 26, 2009xine-lib vulnerabilitiesCVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236,CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240,CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244,CVE-2008-5246, CVE-2008-5248===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.10Ubuntu 7.10: libxine1 1.1.7-1ubuntu1.4Ubuntu 8.04 LTS: libxine1 1.1.11.1-1ubuntu3.2Ubuntu 8.10: libxine1 1.1.15-0ubuntu3.1After a standard system upgrade you need to restart applications linked againstxine-lib, such as Totem-xine and Amarok, to effect the necessary changes.Details follow:It was discovered that xine-lib did not correctly handle certain malformedOgg and Windows Media files. If a user or automated system were tricked intoopening a specially crafted Ogg or Windows Media file, an attacker could causexine-lib to crash, creating a denial of service. This issue only applied toUbuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)It was discovered that the MNG, MOD, and Real demuxers in xine-lib did notcorrectly handle memory allocation failures. If a user or automated system weretricked into opening a specially crafted MNG, MOD, or Real file, an attackercould crash xine-lib or possibly execute arbitrary code with the privileges ofthe user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10,and 8.04 LTS. (CVE-2008-5233)It was discovered that the QT demuxer in xine-lib did not correctly handlean invalid metadata atom size, resulting in a heap-based buffer overflow. If auser or automated system were tricked into opening a specially crafted MOV file,an attacker could execute arbitrary code as the user invoking the program.(CVE-2008-5234, CVE-2008-5242)It was discovered that the Real, RealAudio, and Matroska demuxers in xine-libdid not correctly handle malformed files, resulting in heap-based bufferoverflows. If a user or automated system were tricked into opening a speciallycrafted Real, RealAudio, or Matroska file, an attacker could execute arbitrarycode as the user invoking the program. (CVE-2008-5236)It was discovered that the MNG and QT demuxers in xine-lib did not correctlyhandle malformed files, resulting in integer overflows. If a user or automatedsystem were tricked into opening a specially crafted MNG or MOV file, anattacker could execute arbitrary code as the user invoking the program.(CVE-2008-5237)It was discovered that the Matroska, MOD, Real, and Real Audio demuxers inxine-lib did not correctly handle malformed files, resulting in integeroverflows. If a user or automated system were tricked into opening a speciallycrafted Matroska, MOD, Real, or Real Audio file, an attacker could executearbitrary code as the user invoking the program. This issue only applied toUbuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5238)It was discovered that the input handlers in xine-lib did not correctly handlecertain error codes, resulting in out-of-bounds reads and heap-based bufferoverflows. If a user or automated system were tricked into opening a speciallycrafted file, stream, or URL, an attacker could execute arbitrary code as theuser invoking the program. (CVE-2008-5239)It was discovered that the Matroska and Real demuxers in xine-lib did notcorrectly handle memory allocation failures. If a user or automated system weretricked into opening a specially crafted Matroska or Real file, an attackercould crash xine-lib or possibly execute arbitrary code with the privileges ofthe user invoking the program. (CVE-2008-5240)It was discovered that the QT demuxer in xine-lib did not correctly handlean invalid metadata atom size in a compressed MOV file, resulting in an integerunderflow. If a user or automated system were tricked into opening a speciallycrafted MOV file, an attacker could an attacker could cause xine-lib to crash,creating a denial of service. (CVE-2008-5241)It was discovered that the Real demuxer in xine-lib did not correctly handlecertain malformed files. If a user or automated system were tricked into openinga specially crafted Real file, an attacker could could cause xine-lib to crash,creating a denial of service. (CVE-2008-5243)It was discovered that xine-lib did not correctly handle certain malformed AACfiles. If a user or automated system were tricked into opening a speciallycrafted AAC file, an attacker could could cause xine-lib to crash, creating adenial of service. This issue only applied to Ubuntu 7.10, and 8.04 LTS.(CVE-2008-5244)It was discovered that the id3 tag handler in xine-lib did not correctly handlemalformed tags, resulting in heap-based buffer overflows. If a user or automatedsystem were tricked into opening a media file containing a specially crafted id3tag, an attacker could execute arbitrary code as the user invoking the program.This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246)It was discovered that xine-lib did not correctly handle MP3 files with metadataconsisting only of separators. If a user or automated system were tricked intoopening a specially crafted MP3 file, an attacker could could cause xine-lib tocrash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS,7.10, and 8.04 LTS. (CVE-2008-5248)It was discovered that the Matroska demuxer in xine-lib did not correctly handlean invalid track type. If a user or automated system were tricked into openinga specially crafted Matroska file, an attacker could could cause xine-lib tocrash, creating a denial of service.It was discovered that the ffmpeg video decoder in xine-lib did not correctlyhandle media with certain image heights, resulting in a heap-based bufferoverflow. If a user or automated system were tricked into opening a speciallycrafted video file, an attacker could crash xine-lib or possibly executearbitrary code with the privileges of the user invoking the program. This issueonly applied to Ubuntu 7.10, 8.04 LTS, and 8.10.It was discovered that the ffmpeg audio decoder in xine-lib did not correctlyhandle malformed media, resulting in a integer overflow. If a user or automatedsystem were tricked into opening a specially crafted media file, an attackercould crash xine-lib or possibly execute arbitrary code with the privileges ofthe user invoking the program. This issue only applied to Ubuntu 8.10.
More...
