USN-309-1: libmms vulnerability

6 July 2006

libmms vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10

Software Description

Details

Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program.

In Ubuntu 5.10, this affects the GStreamer MMS plugin (gstreamer0.8-mms). Other Ubuntu releases do not support this library.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
libmms0 - 0.1-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References