<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:108
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : June 20, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 
 1.1.1 allows remote attackers to cause a denial of service (application 
 crash) via a long reply from an HTTP server, as demonstrated using gxine 
 0.5.6. (CVE-2006-2802)
 
 In addition, a possible buffer overflow exists in the AVI demuxer,
 similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release
 of xine-lib does not have this issue.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 d681a8b19b18a2dc5452e7df07e83e3f  10.2/RPMS/libxine1-1.0-8.3.102mdk.i586.rpm
 fff9e7c0837d2231a6e3b2654f383e9d  
10.2/RPMS/libxine1-devel-1.0-8.3.102mdk.i586.rpm
 7e92134803618e43514f24b3709b4c55  10.2/RPMS/xine-aa-1.0-8.3.102mdk.i586.rpm
 0ced315ae520ab8530e577d80b618bf3  10.2/RPMS/xine-arts-1.0-8.3.102mdk.i586.rpm
 7e5c2fe58c56877e0b58e77c61f7a600  10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.i586.rpm
 2c16e0b8e7bb0d481f834fcf90749c66  10.2/RPMS/xine-esd-1.0-8.3.102mdk.i586.rpm
 473b446c63ea1a698f82465925161c63  10.2/RPMS/xine-flac-1.0-8.3.102mdk.i586.rpm
 07709eec2ca1e86350f966122752c175  
10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.i586.rpm
 63a0d2f3244334e66e36b267100bd7b5  
10.2/RPMS/xine-plugins-1.0-8.3.102mdk.i586.rpm
 17c00929f7ae10ba2c7ebe8460396c6b  10.2/RPMS/xine-polyp-1.0-8.3.102mdk.i586.rpm
 6d8bda0b35bb615d458053a5489f4e8e  10.2/RPMS/xine-smb-1.0-8.3.102mdk.i586.rpm
 5efc378a2f15f33f080d938d27100861  10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 4d21ed79acf486e861842133747594ae  
x86_64/10.2/RPMS/lib64xine1-1.0-8.3.102mdk.x86_64.rpm
 20132d26d3a57c55992fe580333f74fe  
x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.3.102mdk.x86_64.rpm
 13bf0e99dbb3e4ec88848dfd59e6961f  
x86_64/10.2/RPMS/xine-aa-1.0-8.3.102mdk.x86_64.rpm
 78cf2f4087c17f330499b5448e502865  
x86_64/10.2/RPMS/xine-arts-1.0-8.3.102mdk.x86_64.rpm
 c1c17f1c4373837dff5d22b3cf2391ce  
x86_64/10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.x86_64.rpm
 3aa27fd3bd5817d1fc75410dd0508aef  
x86_64/10.2/RPMS/xine-esd-1.0-8.3.102mdk.x86_64.rpm
 6156eb751055ec1b6f2f6a578d7dff12  
x86_64/10.2/RPMS/xine-flac-1.0-8.3.102mdk.x86_64.rpm
 0e8c7357b1ab03f5f117e4033b4e5d77  
x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.x86_64.rpm
 6f9cf73474c200b3d50e48b53a3fd5f6  
x86_64/10.2/RPMS/xine-plugins-1.0-8.3.102mdk.x86_64.rpm
 3a8520e98e7acdf6f30dda1b12f76664  
x86_64/10.2/RPMS/xine-polyp-1.0-8.3.102mdk.x86_64.rpm
 8de73b5ea3c73607138581175e0670c1  
x86_64/10.2/RPMS/xine-smb-1.0-8.3.102mdk.x86_64.rpm
 5efc378a2f15f33f080d938d27100861  
x86_64/10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm

 Mandriva Linux 2006.0:
 904b1e86d75ee4bfa8281502b8d8dd60  
2006.0/RPMS/libxine1-1.1.0-9.3.20060mdk.i586.rpm
 ddae938ae14b61dc19311e3b1c43c732  
2006.0/RPMS/libxine1-devel-1.1.0-9.3.20060mdk.i586.rpm
 52d14f097de9909ae7fa7cb4cc079a69  
2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.i586.rpm
 723156ddabd5ee3f88693e578d96e56d  
2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.i586.rpm
 5f28c1bc6bf0688c6ecb260e00531846  
2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.i586.rpm
 84dd3acde96126f2b6f0146a0a24dade  
2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.i586.rpm
 3d216fdcc4bd0c0e768b6d779a0e1d49  
2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.i586.rpm
 3a62513a70e360c38f3c82ea2d3e7310  
2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.i586.rpm
 7e044bd1b04ee2531f5f5cd4fe7daad3  
2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.i586.rpm
 d75c1fcc21a53f88c5abe88497968421  
2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.i586.rpm
 dabedf3272f152fb60bb5a413050c7e0  
2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.i586.rpm
 e1885c8818bafdd885f96eaf8c12ef7f  
2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.i586.rpm
 ff8503a1b8087bc9181f07678438553d  
2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bfe9c3b5b5df347001df5cfd0bb2f644  
x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.3.20060mdk.x86_64.rpm
 94d8aa7a860ba4aa93f655c09ad1c366  
x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.3.20060mdk.x86_64.rpm
 0a4c15b7e94af988af673273e8258328  
x86_64/2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.x86_64.rpm
 299d73e1d222b28c1c2901896e2507ed  
x86_64/2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.x86_64.rpm
 26add5380db72a42ef9bd67508f48dad  
x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.x86_64.rpm
 51cb6ba50f28b1868691460376639a6c  
x86_64/2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.x86_64.rpm
 e970668f572b7e7a62530b778b3fb493  
x86_64/2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.x86_64.rpm
 f5293bf40bd328e14c1291c68237b1d8  
x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.x86_64.rpm
 537a00c6c9509a99d9112440dd49e7d1  
x86_64/2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.x86_64.rpm
 8b752a25e5220b0a846a44f16789b7c9  
x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.x86_64.rpm
 b66deaeca87b2e72508e1ca72024f59e  
x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.x86_64.rpm
 e89abe16a92fc7fa2cafc9e0ab031ac5  
x86_64/2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.x86_64.rpm
 ff8503a1b8087bc9181f07678438553d  
x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm

 Corporate 3.0:
 66d0662ba00565b4476925a9902d0f9a  
corporate/3.0/RPMS/libxine1-1-0.rc3.6.9.C30mdk.i586.rpm
 2a084d80fe44d600fe0e609cde830539  
corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.9.C30mdk.i586.rpm
 b57f175e35f525f6b6b753823fc325d2  
corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.i586.rpm
 e0d664e3fc1a2b8d99102e24c496a272  
corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.i586.rpm
 38c038ef6e7d075308c4a2611b3f584c  
corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.9.C30mdk.i586.rpm
 6afecd5f975522201bec5646fbd2ae21  
corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.i586.rpm
 c8895ac5be58e07ed8cd15cd81e350e6  
corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.i586.rpm
 c255ed0880402fe216f217056c9672ea  
corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.i586.rpm
 b61bb1c61c95522f1dd5757fa3bd4a71  
corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.i586.rpm
 d0a1c45466bb122ec7e4fb9caefa2cad  
corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6b61bb4adaf12bcbf3b0a499321eaad0  
x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.9.C30mdk.x86_64.rpm
 de9ab25205ea761b93a80167a580f833  
x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.9.C30mdk.x86_64.rpm
 21cff9416555046fbb635597c21488ee  
x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.x86_64.rpm
 ae45767a2cec62c5bd4881cfd6128679  
x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.x86_64.rpm
 b936148403fc056d0c6427de93dd43e9  
x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.x86_64.rpm
 077ef2b064905109f8dc9f0473fb92e2  
x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.x86_64.rpm
 0524630808f7398834e8234ddcbef63e  
x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.x86_64.rpm
 438c3ca4e2050d253d6d0108db150811  
x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.x86_64.rpm
 d0a1c45466bb122ec7e4fb9caefa2cad  
x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEmHBfmqjQ0CJFipgRAlbUAKDUUil0PlZfHc0NjOkdEi0QXQf11ACcC+FW
E+NQPFSVEummnHm6+6kmdxU=
=ft5m
-----END PGP SIGNATURE-----