<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:121
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : July 12, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause 
 a denial of service (application crash) and possibly execute arbitrary code 
 via the (1) send_command, (2) string_utf16, (3) get_data, and (4) 
 get_media_packet functions, and possibly other functions. Xine-lib contains
 an embedded copy of the same vulnerable code. 
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 34c23d8a858d2a2687297e25618c7b04  
2006.0/RPMS/libxine1-1.1.0-9.6.20060mdk.i586.rpm
 57f9a069b8fc968a12ce24605390c1f1  
2006.0/RPMS/libxine1-devel-1.1.0-9.6.20060mdk.i586.rpm
 7c2652ce586d087793536649d7da6966  
2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.i586.rpm
 37eff9bda8595acfbaf80e0998db1c9e  
2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.i586.rpm
 e5672e6558978051f6878dea6ba961b5  
2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.i586.rpm
 6527706516fb99a53f82d2c8c4b2e5f8  
2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.i586.rpm
 10d172825fdd5dd2dd92dfafd5d60e23  
2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.i586.rpm
 87b9a38b877b67f0ac0ee4f58ed50983  
2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.i586.rpm
 8656ea92b3fca51e2fad861ea963b14d  
2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.i586.rpm
 6a538ee35d785dfc7ea64a03c20060da  
2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.i586.rpm
 9defa64950f2feebab9dda16d35523cb  
2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.i586.rpm
 d207307cb338b46edd703797b693ea24  
2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.i586.rpm
 4dc1623162c6092eb10c755ed2c5366a  
2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8798915891b79ac134565f8ede0653b1  
x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.6.20060mdk.x86_64.rpm
 dcd2eb828f921b04206124835eeada8e  
x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.6.20060mdk.x86_64.rpm
 a933644c1c56d642a5d576cb217d0356  
x86_64/2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.x86_64.rpm
 238d8526e618dff3aa31e223c14ce432  
x86_64/2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.x86_64.rpm
 d9f0269ae701936ce27b6515e5c73ac1  
x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.x86_64.rpm
 4683507048ec6535c2c5f63997ec719d  
x86_64/2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.x86_64.rpm
 bc649ad82f11c8422f1e9fb711dd4803  
x86_64/2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.x86_64.rpm
 52fe1d4ddeeea6ec91a776ccacf5df19  
x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.x86_64.rpm
 348cc9ecf59e378b3d1c6aa12a35f9b9  
x86_64/2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.x86_64.rpm
 d2f2300e0bd4e4e210bbfae485c07624  
x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.x86_64.rpm
 afca19bc708fc5964c19fff3a2d16286  
x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.x86_64.rpm
 ba7c60488a4459066ba4ed08046ce48c  
x86_64/2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.x86_64.rpm
 4dc1623162c6092eb10c755ed2c5366a  
x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm

 Corporate 3.0:
 1390c15ca893041af1076e6a02d14f47  
corporate/3.0/RPMS/libxine1-1-0.rc3.6.12.C30mdk.i586.rpm
 ecc53b859629edd48ef27b477332889e  
corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.12.C30mdk.i586.rpm
 a4d85795d05266793fa61ba6bc986aa6  
corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.i586.rpm
 4dd4249d6b1911501ddcfa1ef36470af  
corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.i586.rpm
 c9a3f82dad17f32a6ab6c0b1926c52c1  
corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.12.C30mdk.i586.rpm
 c40b65dd7cde826b8bfa5fb5720d15ed  
corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.i586.rpm
 2a257f092fe4b304be7e358230aa0361  
corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.i586.rpm
 b04b482c8693272f7ead71ac3ce91e7f  
corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.i586.rpm
 ae63549d198004056aacacee5b2ccbef  
corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.i586.rpm
 d8fe8f9dff1190413e81e82e67762462  
corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 aad2ac9345e05d900910b8beade5ff21  
x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.12.C30mdk.x86_64.rpm
 b9540819f0250a2924297ce0388f6202  
x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.12.C30mdk.x86_64.rpm
 53cc9dc911be64bf8764d76262df4a44  
x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.x86_64.rpm
 280b7a7ceb168225d30eb97e95f45fb6  
x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.x86_64.rpm
 4e3811096df50e37e6b10f3eedafb0be  
x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.x86_64.rpm
 e1e703b0f81edc6399225c6652049519  
x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.x86_64.rpm
 14ce60de521e86ae7755c74a3c845d73  
x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.x86_64.rpm
 f95f6a3222ef533ea13637cd8d9ff737  
x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.x86_64.rpm
 d8fe8f9dff1190413e81e82e67762462  
x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEtTcXmqjQ0CJFipgRAqSMAKCgYu5Rj5uiU1ZXdDurg4O8HjMRoACcDF4O
gECJMRGglbqZVCVnyNwn7NA=
=E8fg
-----END PGP SIGNATURE-----