[ MDKSA-2006:176 ] - Updated xine-lib packages fix buffer overflow vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:176
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : September 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0
_______________________________________________________________________
Problem Description:

Xine-lib uses an embedded copy of ffmpeg and as such has been updated
to address the following issue:

Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530
allow remote attackers to cause a denial of service or possibly execute
arbitrary code via multiple unspecified vectors in (1) dtsdec.c,
(2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c,
(7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c,
(12) snow.c, and (13) tta.c.

NOTE: it is likely that this is a different vulnerability than
CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
2006.0/i586/libxine1-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/libxine1-devel-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-aa-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-arts-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-dxr3-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-esd-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-flac-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-gnomevfs-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-image-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-plugins-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-polyp-1.1.0-9.7.20060mdk.i586.rpm
2006.0/i586/xine-smb-1.1.0-9.7.20060mdk.i586.rpm
2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
2006.0/x86_64/lib64xine1-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/lib64xine1-devel-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-aa-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-arts-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-dxr3-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-esd-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-flac-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-gnomevfs-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-image-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-plugins-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-polyp-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/x86_64/xine-smb-1.1.0-9.7.20060mdk.x86_64.rpm
2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm
Mandriva Linux 2007.0:
2007.0/i586/libxine1-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/libxine1-devel-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-aa-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-arts-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-dxr3-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-esd-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-flac-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-gnomevfs-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-image-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-plugins-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-sdl-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/i586/xine-smb-1.1.2-3.1mdv2007.0.i586.rpm
2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
2007.0/x86_64/lib64xine1-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/lib64xine1-devel-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-aa-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-arts-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-dxr3-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-esd-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-flac-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-gnomevfs-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-image-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-plugins-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-sdl-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/x86_64/xine-smb-1.1.2-3.1mdv2007.0.x86_64.rpm
2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm
Corporate 3.0:
corporate/3.0/i586/libxine1-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/libxine1-devel-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-aa-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-arts-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-dxr3-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-esd-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-flac-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/i586/xine-plugins-1-0.rc3.6.13.C30mdk.i586.rpm
corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm
Corporate 3.0/X86_64:
corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/xine-aa-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/xine-arts-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/xine-esd-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/xine-flac-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.13.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
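
Checking whether a host already carries the fixed builds named under Updated Packages, as an added example that is not part of the Mandriva advisory. It implements the classic segment-wise RPM version comparison and assumes the packages carry no epoch; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed VERSION-RELEASE per product, read off the package file names above.
FIXED = {
    "2006.0": "1.1.0-9.7.20060mdk",
    "2007.0": "1.1.2-3.1mdv2007.0",
    "Corporate 3.0": "1-0.rc3.6.13.C30mdk",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Classic RPM segment comparison: return -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x[0].isdigit(), y[0].isdigit()
        if x_num != y_num:            # a numeric segment beats an alphabetic one
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)     # numeric compare, so "10" > "9"
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(installed, fixed):
    """Compare two 'VERSION-RELEASE' strings (assumption: no epoch)."""
    iv, _, ir = installed.rpartition("-")
    fv, _, fr = fixed.rpartition("-")
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def is_patched(product, installed):
    """True if the installed libxine1 build is at or above the fixed build."""
    return compare_vr(installed, FIXED[product]) >= 0


# Constructed sample inventory: (host, product, installed VERSION-RELEASE).
SAMPLE = [
    ("ws01", "2006.0", "1.1.0-9.6.20060mdk"),
    ("ws02", "2007.0", "1.1.2-3.1mdv2007.0"),
    ("srv1", "Corporate 3.0", "1-0.rc3.6.12.C30mdk"),
]


def unpatched(inventory):
    """Hosts whose installed build is older than the advisory's fixed build."""
    return [host for host, product, vr in inventory if not is_patched(product, vr)]
```

The installed string for each host can be collected with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' libxine1` (`lib64xine1` on x86_64).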
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFHDosmqjQ0CJFipgRAvIwAJ9ksuDWipI2eiizX1c1z63pikV6ZgCglg46
5adSZ8Y+mHDBnF10FxZxh6Q=
=Eqae
-----END PGP SIGNATURE-----