Sikkerhedsoplysninger / 2005 / Sikkerhedsoplysninger -- DSA-657-1 xine-lib

Debians sikkerhedsbulletin

DSA-657-1 xine-lib -- bufferoverløb

Rapporteret den:

25. jan 2005

Berørte pakker:

xine-lib

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 11205.
I Mitres CVE-ordbog: CVE-2004-1379.

Yderligere oplysninger:

Et heapoverløb er opdaget i DVD subpicture-dekoderen i xine-lib. En angriber kunne forårsage at vilkårlig kode blev udført på offerets værtsmaskine ved at levere en ondsindet MPEG-fil. Ved at narre brugere til at kigge på en ondsindet netværks-stream, kunne dette problem fjernudnyttes.

I den stabile distribution (woody) er dette problem rettet i version 0.9.8-2woody2.

I den ustabile distribution (sid) er dette problem rettet i version 1-rc6a-1.

Vi anbefaler at du opgraderer dine libxine-pakker.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.dsc

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.diff.gz

http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_alpha.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_arm.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_i386.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_ia64.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_hppa.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_m68k.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mips.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mipsel.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_powerpc.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_s390.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_sparc.deb

http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.