<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:177 ] xine-lib



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:177
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xine-lib
 Date    : August 20, 2008
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 Guido Landi found A stack-based buffer overflow in xine-lib
 that could allow a remote attacker to cause a denial of service
 (crash) and potentially execute arbitrary code via a long NSF title
 (CVE-2008-1878).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 10db71c6a43508d36ba8d93f290f72d6  
2008.1/i586/libxine1-1.1.11.1-4.2mdv2008.1.i586.rpm
 106e82cbd1e2ed40f533fe6d28f2ccfb  
2008.1/i586/libxine-devel-1.1.11.1-4.2mdv2008.1.i586.rpm
 80f94cbfc8be99ea04de884066a5b95e  
2008.1/i586/xine-aa-1.1.11.1-4.2mdv2008.1.i586.rpm
 9d42258f0e3ae0128d054ae53805cbd8  
2008.1/i586/xine-caca-1.1.11.1-4.2mdv2008.1.i586.rpm
 31d7177e7ae1b81e89fc28811ba4567e  
2008.1/i586/xine-dxr3-1.1.11.1-4.2mdv2008.1.i586.rpm
 b0a98953adc702b1921135412ad603cd  
2008.1/i586/xine-esd-1.1.11.1-4.2mdv2008.1.i586.rpm
 086ee1475478bd3e64a3dc4b9f677dcd  
2008.1/i586/xine-flac-1.1.11.1-4.2mdv2008.1.i586.rpm
 43e7881b465be3ed1df25247af758692  
2008.1/i586/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.i586.rpm
 e07999dc5149e38ed39a778e46298523  
2008.1/i586/xine-image-1.1.11.1-4.2mdv2008.1.i586.rpm
 fdc64b384993234582716d49beadd3e0  
2008.1/i586/xine-jack-1.1.11.1-4.2mdv2008.1.i586.rpm
 6ec501e08df57145bcf1eeb4730f43dd  
2008.1/i586/xine-plugins-1.1.11.1-4.2mdv2008.1.i586.rpm
 6d0a6630688d65cad364fb4b60449867  
2008.1/i586/xine-pulse-1.1.11.1-4.2mdv2008.1.i586.rpm
 cb42e25b94a5c6bbf640878cedef4ab1  
2008.1/i586/xine-sdl-1.1.11.1-4.2mdv2008.1.i586.rpm
 61dc627d3b187ba4cf0281b956b7fa56  
2008.1/i586/xine-smb-1.1.11.1-4.2mdv2008.1.i586.rpm
 b032fa9c5083bcc6130b550983efb024  
2008.1/i586/xine-wavpack-1.1.11.1-4.2mdv2008.1.i586.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  
2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a9ff3e2ff6df1a32a53f5c18d4f0385a  
2008.1/x86_64/lib64xine1-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 87c32e02d5cd1fb408e934a2dc3007ba  
2008.1/x86_64/lib64xine-devel-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 59375c9ce1868bb410b03851d6798718  
2008.1/x86_64/xine-aa-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 f45bcfce4d66d8a2b683371dd7030e37  
2008.1/x86_64/xine-caca-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 4775483c71308e162ef87b99ac303d90  
2008.1/x86_64/xine-dxr3-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 bdb716d2e1bd7477a78cba9725b93b90  
2008.1/x86_64/xine-esd-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 5bfe733f4a30232c91c573238fc3beb2  
2008.1/x86_64/xine-flac-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 7ac3d2c4b723f5e72727d8719d50b35c  
2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 401c5dbc008597aa06774b3eeb02e57d  
2008.1/x86_64/xine-image-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 2957efe6941036a9f97621068587614f  
2008.1/x86_64/xine-jack-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 acdba1ff341e79ce14b31aeecfb5d573  
2008.1/x86_64/xine-plugins-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 0b5a46d078f22d304e413e7772992903  
2008.1/x86_64/xine-pulse-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 312ef813d09a5dfd7456e9a3a500fc06  
2008.1/x86_64/xine-sdl-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 ad61d3fd3e66e92f18464e5622cba4c3  
2008.1/x86_64/xine-smb-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 74380a1f6f47ae4ba8f88031b39304a5  
2008.1/x86_64/xine-wavpack-1.1.11.1-4.2mdv2008.1.x86_64.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  
2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrLcLmqjQ0CJFipgRAp23AJ49CR1uJr/8p9/aV9YmWSCeR7C0iwCg4QCI
bvyTd48CZg+Yaqi3nHJHXU4=
=CBFe
-----END PGP SIGNATURE-----