News

Monday, March 16, 2009

ubuntu-security-announce Digest, Vol 54, Issue 8

Today's Topics:

1. [USN-735-1] GStreamer Base Plugins vulnerability
(Marc Deslauriers)
2. [USN-736-1] GStreamer Good Plugins vulnerabilities
(Marc Deslauriers)
3. [USN-737-1] libsoup vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Mon, 16 Mar 2009 16:41:20 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-735-1] GStreamer Base Plugins vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1237236080.29190.7.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-735-1 March 16, 2009
gst-plugins-base0.10 vulnerability
CVE-2009-0586
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
gstreamer0.10-plugins-base 0.10.21-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 decoding functions in GStreamer Base
Plugins did not properly handle large images in Vorbis file tags. If a user
were tricked into opening a specially crafted Vorbis file, an attacker
could possibly execute arbitrary code with user privileges.


Updated packages for Ubuntu 8.10:


------------------------------

Message: 2
Date: Mon, 16 Mar 2009 16:40:32 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-736-1] GStreamer Good Plugins vulnerabilities
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1237236032.29190.6.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-736-1 March 16, 2009
gst-plugins-good0.10 vulnerabilities
CVE-2009-0386, CVE-2009-0387, CVE-2009-0397
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
gstreamer0.10-plugins-good 0.10.6-0ubuntu4.2

Ubuntu 8.04 LTS:
gstreamer0.10-plugins-good 0.10.7-3ubuntu0.2

Ubuntu 8.10:
gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Composition Time To Sample (ctts) atom data in Quicktime (mov)
movie files. If a user were tricked into opening a crafted mov file, an
attacker could execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-0386)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files.
If a user were tricked into opening a crafted mov file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-0387)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie
files. If a user were tricked into opening a crafted mov file, an attacker
could execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-0397)


Updated packages for Ubuntu 7.10:

Updated packages for Ubuntu 8.04 LTS:

Updated packages for Ubuntu 8.10:


------------------------------

Message: 3
Date: Mon, 16 Mar 2009 16:43:15 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [USN-737-1] libsoup vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <1237236195.29190.8.camel@mdlinux.technorage.com>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-737-1 March 16, 2009
libsoup vulnerability
CVE-2009-0585
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libsoup2.2-8 2.2.93-0ubuntu1.2

Ubuntu 7.10:
libsoup2.2-8 2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 7.10:


------------------------------


End of ubuntu-security-announce Digest, Vol 54, Issue 8
*******************************************************
