Ubuntu Security Notice USN-736-1 - It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. It was discovered that GStreamer Good Plugins did not correctly handle malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that GStreamer Good Plugins did not correctly handle malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program.
===========================================================
Ubuntu Security Notice USN-736-1 March 16, 2009
gst-plugins-good0.10 vulnerabilities
CVE-2009-0386, CVE-2009-0387, CVE-2009-0397
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  gstreamer0.10-plugins-good 0.10.6-0ubuntu4.2

Ubuntu 8.04 LTS:
  gstreamer0.10-plugins-good 0.10.7-3ubuntu0.2

Ubuntu 8.10:
  gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Composition Time To Sample (ctts) atom data in Quicktime (mov)
movie files. If a user were tricked into opening a crafted mov file, an
attacker could execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-0386)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files.
If a user were tricked into opening a crafted mov file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-0387)

It was discovered that GStreamer Good Plugins did not correctly handle
malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie
files. If a user were tricked into opening a crafted mov file, an attacker
could execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-0397)
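
An added example, not taken from the advisory or from the GStreamer source: a consistency check a demuxer can apply to a ctts, stss or stts table before indexing it. The advisory does not say what was malformed in each atom, so the check shown (the declared entry count must fit inside the atom body) is one generic test; the function, enum and sample bytes are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status codes; the names are this example's own. */
enum table_status { TABLE_OK, TABLE_TRUNCATED, TABLE_COUNT_TOO_LARGE, TABLE_UNKNOWN };

/* QuickTime atom fields are stored big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bytes per entry: stts and ctts hold (count, value) pairs, stss holds sample numbers. */
static size_t entry_size(const char *type) {
    if (!memcmp(type, "stts", 4) || !memcmp(type, "ctts", 4)) return 8;
    if (!memcmp(type, "stss", 4)) return 4;
    return 0;
}

/* body/len: atom contents after the 8-byte size+type header.
 * Layout: version(1) flags(3) entry_count(4) entries[entry_count]. */
enum table_status check_sample_table(const char *type, const uint8_t *body,
                                     size_t len, uint32_t *count_out) {
    size_t esz = entry_size(type);
    if (esz == 0) return TABLE_UNKNOWN;
    if (len < 8) return TABLE_TRUNCATED;
    uint32_t count = be32(body + 4);
    /* Divide rather than multiply so count * esz can never wrap around. */
    if (count > (len - 8) / esz) return TABLE_COUNT_TOO_LARGE;
    *count_out = count;
    return TABLE_OK;
}

/* Constructed stts body: one entry (sample_count=2, sample_delta=1000). */
static const uint8_t good_stts[] = {0,0,0,0, 0,0,0,1, 0,0,0,2, 0,0,0x03,0xE8};
/* Constructed stss body: declares 0x40000000 entries but carries only one. */
static const uint8_t bad_stss[] = {0,0,0,0, 0x40,0,0,0, 0,0,0,1};

int main(void) {
    uint32_t n = 0;
    printf("stts -> %d\n", check_sample_table("stts", good_stts, sizeof good_stts, &n));
    printf("stss -> %d\n", check_sample_table("stss", bad_stss, sizeof bad_stss, &n));
    return 0;
}
```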