lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 08 Mar 2007 08:03:24 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:057 ] - Updated xine-lib packages to
	address buffer overflow vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:057
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : March 8, 2007
 Affected: 2007.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 The DMO_VideoDecoder_Open function in dmo/DMO_VideoDecoder.c in
 xine-lib does not set the biSize before use in a memcpy, which allows
 user-assisted remote attackers to cause a buffer overflow and possibly
 execute arbitrary code.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 241273125b4e2014a0fa1580c7ed0413  2007.0/i586/libxine1-1.1.2-3.3mdv2007.0.i586.rpm
 e2855220283ec658301068cf00bb266a  2007.0/i586/libxine1-devel-1.1.2-3.3mdv2007.0.i586.rpm
 b98b3376e156fb87a34f30aad34e65e5  2007.0/i586/xine-aa-1.1.2-3.3mdv2007.0.i586.rpm
 88d1b8d538dcff220bf528674d0bf5b0  2007.0/i586/xine-arts-1.1.2-3.3mdv2007.0.i586.rpm
 ce54bd05bd941b2224c549bf685c0a08  2007.0/i586/xine-dxr3-1.1.2-3.3mdv2007.0.i586.rpm
 0e33ea09058a1cd82fd8720278243c14  2007.0/i586/xine-esd-1.1.2-3.3mdv2007.0.i586.rpm
 0e8c92ffdc4c3c8073531a72a47da8ca  2007.0/i586/xine-flac-1.1.2-3.3mdv2007.0.i586.rpm
 3d7eb8f9a5f45ddebd7ccc20cec808f0  2007.0/i586/xine-gnomevfs-1.1.2-3.3mdv2007.0.i586.rpm
 5a1390613c4505b2bfcd326ff0156b0c  2007.0/i586/xine-image-1.1.2-3.3mdv2007.0.i586.rpm
 79899e7608558bb490003b9cba2a978c  2007.0/i586/xine-plugins-1.1.2-3.3mdv2007.0.i586.rpm
 ed4c39cfe82d66caa19c023a8495c4a1  2007.0/i586/xine-sdl-1.1.2-3.3mdv2007.0.i586.rpm
 9256f65fff35cd6c25fd0b19823dcc8a  2007.0/i586/xine-smb-1.1.2-3.3mdv2007.0.i586.rpm 
 0bf2ceba6a15a079bf2890265b8f1a55  2007.0/SRPMS/xine-lib-1.1.2-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 d92a6bebe5c1e915ed6dca150f32de2e  2007.0/x86_64/lib64xine1-1.1.2-3.3mdv2007.0.x86_64.rpm
 eb0c2f9d95f04e3d9c8ea1282c41f5dc  2007.0/x86_64/lib64xine1-devel-1.1.2-3.3mdv2007.0.x86_64.rpm
 cd81757a9c25e480d10932cb4d40f6e0  2007.0/x86_64/xine-aa-1.1.2-3.3mdv2007.0.x86_64.rpm
 acbaf60373d75281d3c3c7da24d7a1de  2007.0/x86_64/xine-arts-1.1.2-3.3mdv2007.0.x86_64.rpm
 38997b2bd174345dcec41682569868c1  2007.0/x86_64/xine-dxr3-1.1.2-3.3mdv2007.0.x86_64.rpm
 2425cc89f26171fc32f889ccf0b5b96c  2007.0/x86_64/xine-esd-1.1.2-3.3mdv2007.0.x86_64.rpm
 5ddcb92e47e6f35de1db5482edf98a9c  2007.0/x86_64/xine-flac-1.1.2-3.3mdv2007.0.x86_64.rpm
 c68e811900a94bd92d65832f64bcdb8a  2007.0/x86_64/xine-gnomevfs-1.1.2-3.3mdv2007.0.x86_64.rpm
 f6aa73615c7c9a7238838641afc6af6a  2007.0/x86_64/xine-image-1.1.2-3.3mdv2007.0.x86_64.rpm
 4437aff317d159abbd1785fbe53368e7  2007.0/x86_64/xine-plugins-1.1.2-3.3mdv2007.0.x86_64.rpm
 4f062b56c298e09b0ec364c18814917f  2007.0/x86_64/xine-sdl-1.1.2-3.3mdv2007.0.x86_64.rpm
 fa2a314dbde0ccedf85043e10d94f3d3  2007.0/x86_64/xine-smb-1.1.2-3.3mdv2007.0.x86_64.rpm 
 0bf2ceba6a15a079bf2890265b8f1a55  2007.0/SRPMS/xine-lib-1.1.2-3.3mdv2007.0.src.rpm

 Corporate 3.0:
 dffe302693d57f09ad55573f20400258  corporate/3.0/i586/libxine1-1-0.rc3.6.15.C30mdk.i586.rpm
 76bb6cba723566a5a0a02043d5e02fe2  corporate/3.0/i586/libxine1-devel-1-0.rc3.6.15.C30mdk.i586.rpm
 24645aa6d547c1077236248eb54645f0  corporate/3.0/i586/xine-aa-1-0.rc3.6.15.C30mdk.i586.rpm
 246938c45fe9d795c96aa349bf8cd107  corporate/3.0/i586/xine-arts-1-0.rc3.6.15.C30mdk.i586.rpm
 0af50984ecd9fd2979f3da178871ac1d  corporate/3.0/i586/xine-dxr3-1-0.rc3.6.15.C30mdk.i586.rpm
 80b08a823d7793fb677bbb121a07f9cb  corporate/3.0/i586/xine-esd-1-0.rc3.6.15.C30mdk.i586.rpm
 31c8ad519bfab253300f5d575ea22f5b  corporate/3.0/i586/xine-flac-1-0.rc3.6.15.C30mdk.i586.rpm
 38bcaf1e4bf6f673c0e39048e7701348  corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.15.C30mdk.i586.rpm
 27627560d6c1c7e5aa2fd63bde435b37  corporate/3.0/i586/xine-plugins-1-0.rc3.6.15.C30mdk.i586.rpm 
 3f124f14f5fa8b1e7e3f3917afda3705  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.15.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0182ddc1159b46c24589b397412733e1  corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.15.C30mdk.x86_64.rpm
 01cb9805548452a161da99ad385ed474  corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.15.C30mdk.x86_64.rpm
 b121a2b09b0da74ad2553f94319c2771  corporate/3.0/x86_64/xine-aa-1-0.rc3.6.15.C30mdk.x86_64.rpm
 91534b8494ab6ac1eec6c47261f6389b  corporate/3.0/x86_64/xine-arts-1-0.rc3.6.15.C30mdk.x86_64.rpm
 81d95f1a15722144e856384e4fe4a27b  corporate/3.0/x86_64/xine-esd-1-0.rc3.6.15.C30mdk.x86_64.rpm
 f35de55cb2d1b241c60479728ab84ca0  corporate/3.0/x86_64/xine-flac-1-0.rc3.6.15.C30mdk.x86_64.rpm
 b83e2f8b1cbf0802077ee0f7bc1ac6ec  corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.15.C30mdk.x86_64.rpm
 aa6982efb1978493f4d278e5d7ee8787  corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.15.C30mdk.x86_64.rpm 
 3f124f14f5fa8b1e7e3f3917afda3705  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.15.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF7/rEmqjQ0CJFipgRAtZdAJ94tgd8KDteZ2S363e6T0kKNlNV/ACeMI5H
JdD2wOBXCUVX7Vv3c2bdD1Y=
=X6nW
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists