MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: xine-lib
Advisory ID: MDKSA-2005:011
Date: January 19th, 2005
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()
does not check if the input size is larger than the buffer size
(CAN-2004-1187). As well, they discovered that in this same function,
a negative value could be given to an unsigned variable that specifies
the read length of input data (CAN-2004-1188).
Ariel Berkman discovered that xine-lib reads specific input data into
an array without checking the input size making it vulnerable to a
buffer overflow problem (CAN-2004-1300).
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300
http://xinehq.de/index.php/security/XSA-2004-6
http://xinehq.de/index.php/security/XSA-2004-7
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
04cf16b28902e4591e11ae72fd87d662
10.0/RPMS/libxine1-1-0.rc3.6.3.100mdk.i586.rpm
b4229121fb5e1c2e8e3150fb770d20b1
10.0/RPMS/libxine1-devel-1-0.rc3.6.3.100mdk.i586.rpm
dedf902f1106a5d2962169e0d384484b 10.0/RPMS/xine-aa-1-0.rc3.6.3.100mdk.i586.rpm
0e794be9dcbe0d7df7ac7023f90b9ce7
10.0/RPMS/xine-arts-1-0.rc3.6.3.100mdk.i586.rpm
e2129af73ff087513cf3e206b6243a22
10.0/RPMS/xine-dxr3-1-0.rc3.6.3.100mdk.i586.rpm
465023e0d347cc68e50cd18e7e035d7f
10.0/RPMS/xine-esd-1-0.rc3.6.3.100mdk.i586.rpm
3aba7156985636b52cf388ee65efa61a
10.0/RPMS/xine-flac-1-0.rc3.6.3.100mdk.i586.rpm
442d828c5c5c477fb4056eec27ac99ac
10.0/RPMS/xine-gnomevfs-1-0.rc3.6.3.100mdk.i586.rpm
73e2c9d0af08f7af594897963ad2acee
10.0/RPMS/xine-plugins-1-0.rc3.6.3.100mdk.i586.rpm
987634217ee50058b309ce153c0d71cd
10.0/SRPMS/xine-lib-1-0.rc3.6.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
66d763149801966fb38c9a07666eced3
amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.3.100mdk.amd64.rpm
486eaa41ea24dc895ab68a7221efa641
amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.3.100mdk.amd64.rpm
5b454fdc3cc84ce2bd9aa8d4495971af
amd64/10.0/RPMS/xine-aa-1-0.rc3.6.3.100mdk.amd64.rpm
f8a5ce8ccdb495f23c879a58dc4a005b
amd64/10.0/RPMS/xine-arts-1-0.rc3.6.3.100mdk.amd64.rpm
aa3a3a29c478a444bbcb4fe7f48d217c
amd64/10.0/RPMS/xine-esd-1-0.rc3.6.3.100mdk.amd64.rpm
051f953d91864f0609d55d9f5d13c545
amd64/10.0/RPMS/xine-flac-1-0.rc3.6.3.100mdk.amd64.rpm
7288d9764ff125053834cc3cbc56618b
amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.3.100mdk.amd64.rpm
8c11dd4c0453b8236494df5e177985b0
amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.3.100mdk.amd64.rpm
987634217ee50058b309ce153c0d71cd
amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.3.100mdk.src.rpm
Mandrakelinux 10.1:
dc10ced310a94ac2b1cdaa26d5065309
10.1/RPMS/libxine1-1-0.rc5.9.1.101mdk.i586.rpm
2ff06644e8ba40de686faea2870be099
10.1/RPMS/libxine1-devel-1-0.rc5.9.1.101mdk.i586.rpm
dab77c7bb2d958fb34fd07dd525b7026 10.1/RPMS/xine-aa-1-0.rc5.9.1.101mdk.i586.rpm
c0daf0f0835a0831251e725edb491d98
10.1/RPMS/xine-arts-1-0.rc5.9.1.101mdk.i586.rpm
a9d901fa51bd439c5e6b54fb799afcde
10.1/RPMS/xine-dxr3-1-0.rc5.9.1.101mdk.i586.rpm
6e2e9ac54916eb1409347968bddc0903
10.1/RPMS/xine-esd-1-0.rc5.9.1.101mdk.i586.rpm
954f717131a3079ea5dff56ab3a20a8e
10.1/RPMS/xine-flac-1-0.rc5.9.1.101mdk.i586.rpm
72a82036a27f6bed29412b81417603eb
10.1/RPMS/xine-gnomevfs-1-0.rc5.9.1.101mdk.i586.rpm
a76f9f553c97aa55fe4849225d7921a2
10.1/RPMS/xine-plugins-1-0.rc5.9.1.101mdk.i586.rpm
dab247b679d8cb6f7bdf06b71d5e54b8
10.1/SRPMS/xine-lib-1-0.rc5.9.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
5cfbd8787d4c8e0207437f048d5994a4
x86_64/10.1/RPMS/lib64xine1-1-0.rc5.9.1.101mdk.x86_64.rpm
8a4b9b26b8b58fd29477a6b260bd79c6
x86_64/10.1/RPMS/lib64xine1-devel-1-0.rc5.9.1.101mdk.x86_64.rpm
c2bc72cfbfe95f18a6ae0b18b98807c8
x86_64/10.1/RPMS/xine-aa-1-0.rc5.9.1.101mdk.x86_64.rpm
7f059dfbc7e445a255510c9a5a7338b7
x86_64/10.1/RPMS/xine-arts-1-0.rc5.9.1.101mdk.x86_64.rpm
53b293f453695e7104a1ae593f79608a
x86_64/10.1/RPMS/xine-dxr3-1-0.rc5.9.1.101mdk.x86_64.rpm
6efb0ca6be7650e60961e13f479b117a
x86_64/10.1/RPMS/xine-esd-1-0.rc5.9.1.101mdk.x86_64.rpm
4caa5c113d95773e4ca462b69bb17e76
x86_64/10.1/RPMS/xine-flac-1-0.rc5.9.1.101mdk.x86_64.rpm
ba0f5f739785622cac85034055fa7304
x86_64/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.1.101mdk.x86_64.rpm
d3c1a9cca1ae3800d72f82486b26f0e1
x86_64/10.1/RPMS/xine-plugins-1-0.rc5.9.1.101mdk.x86_64.rpm
dab247b679d8cb6f7bdf06b71d5e54b8
x86_64/10.1/SRPMS/xine-lib-1-0.rc5.9.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB7tremqjQ0CJFipgRAr0HAJ97WOzp9JCz/lQhgCvOi2yyRojHcACeOw+A
7Tq28VFsghjETZ2Mu2DVTLM=
=awHr
-----END PGP SIGNATURE-----