lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GrmjQ-0000iw-Ko@mercury.mandriva.com>
Date: Tue,  5 Dec 2006 19:42:00 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:224
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : December 5, 2006
 Affected: 2007.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the asmrp_eval function for the Real Media input
 plugin allows remote attackers to cause a denial of service and
 possibly execute arbitrary code via a rulebook with a large number of
 rulematches.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 b0aa36d10d1ee53184b345c4a48b6fcb  2007.0/i586/libxine1-1.1.2-3.2mdv2007.0.i586.rpm
 0c67ca2d47ea5594d2978573205c158f  2007.0/i586/libxine1-devel-1.1.2-3.2mdv2007.0.i586.rpm
 ee79849493b4b40f207e0e135dc9f4ca  2007.0/i586/xine-aa-1.1.2-3.2mdv2007.0.i586.rpm
 f0d942949cf3938287e3f4ec44275807  2007.0/i586/xine-arts-1.1.2-3.2mdv2007.0.i586.rpm
 db80c09dc6050a920aeae2e410ab4471  2007.0/i586/xine-dxr3-1.1.2-3.2mdv2007.0.i586.rpm
 79f07b0afcbf4682752919829bde6fcf  2007.0/i586/xine-esd-1.1.2-3.2mdv2007.0.i586.rpm
 51688356ab263c95b051712ed0f70def  2007.0/i586/xine-flac-1.1.2-3.2mdv2007.0.i586.rpm
 74cd9a178d86754b337e4b1217874863  2007.0/i586/xine-gnomevfs-1.1.2-3.2mdv2007.0.i586.rpm
 3f331ce5c5463512038ad69a785c9dbe  2007.0/i586/xine-image-1.1.2-3.2mdv2007.0.i586.rpm
 f147438cd7f07aaf70e1178bd2343133  2007.0/i586/xine-plugins-1.1.2-3.2mdv2007.0.i586.rpm
 7cb84dbcf336d715b04812fbedb349cf  2007.0/i586/xine-sdl-1.1.2-3.2mdv2007.0.i586.rpm
 860fe1ca635d076e9bfa1819e7b603cd  2007.0/i586/xine-smb-1.1.2-3.2mdv2007.0.i586.rpm 
 c7a995ee090abd62b6a580b53e3c3364  2007.0/SRPMS/xine-lib-1.1.2-3.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a1a3e704ff2f356784ad084f95d41f74  2007.0/x86_64/lib64xine1-1.1.2-3.2mdv2007.0.x86_64.rpm
 ee81c8526e7baf295f214338fa3d45cd  2007.0/x86_64/lib64xine1-devel-1.1.2-3.2mdv2007.0.x86_64.rpm
 bdb0a918df1d9239016741bde0027f3a  2007.0/x86_64/xine-aa-1.1.2-3.2mdv2007.0.x86_64.rpm
 6cc4cc4b46b3dbeb22364ecc15d9c7d6  2007.0/x86_64/xine-arts-1.1.2-3.2mdv2007.0.x86_64.rpm
 4d9ce5c5ef2814e2c18dcc60e6270322  2007.0/x86_64/xine-dxr3-1.1.2-3.2mdv2007.0.x86_64.rpm
 38fe8e37988df8307028778421029349  2007.0/x86_64/xine-esd-1.1.2-3.2mdv2007.0.x86_64.rpm
 53ccedaeef04ff9b15bcf3d63cdb8663  2007.0/x86_64/xine-flac-1.1.2-3.2mdv2007.0.x86_64.rpm
 b090fb7ac33b25d310dc8cfc4758062b  2007.0/x86_64/xine-gnomevfs-1.1.2-3.2mdv2007.0.x86_64.rpm
 51d280def3f6c87276e9b4892c807d38  2007.0/x86_64/xine-image-1.1.2-3.2mdv2007.0.x86_64.rpm
 fdbfa62329ac6fadba0277db33b71cff  2007.0/x86_64/xine-plugins-1.1.2-3.2mdv2007.0.x86_64.rpm
 af8dda72b12c9a36d7a51d3d5916bb38  2007.0/x86_64/xine-sdl-1.1.2-3.2mdv2007.0.x86_64.rpm
 dea73578f285ebe1b1aac769cc0a549a  2007.0/x86_64/xine-smb-1.1.2-3.2mdv2007.0.x86_64.rpm 
 c7a995ee090abd62b6a580b53e3c3364  2007.0/SRPMS/xine-lib-1.1.2-3.2mdv2007.0.src.rpm

 Corporate 3.0:
 e27a1f3f0a92a65ea9673d0aa7bd9660  corporate/3.0/i586/libxine1-1-0.rc3.6.14.C30mdk.i586.rpm
 cef9a906baabe8c8e18bbe45762268fd  corporate/3.0/i586/libxine1-devel-1-0.rc3.6.14.C30mdk.i586.rpm
 5260c623ea029663a3166c8e350b6306  corporate/3.0/i586/xine-aa-1-0.rc3.6.14.C30mdk.i586.rpm
 aa8ed9640d1e42608f1cd531d4d00dd6  corporate/3.0/i586/xine-arts-1-0.rc3.6.14.C30mdk.i586.rpm
 1d311b51dc2ea55a1590ef409bfd9d9f  corporate/3.0/i586/xine-dxr3-1-0.rc3.6.14.C30mdk.i586.rpm
 d8602b10e1b5b0ea29959c981bf5866e  corporate/3.0/i586/xine-esd-1-0.rc3.6.14.C30mdk.i586.rpm
 ba65fc2fa69c85b848f7fe5728381003  corporate/3.0/i586/xine-flac-1-0.rc3.6.14.C30mdk.i586.rpm
 bbf13c446ebf132b6a474a9bf4a300cd  corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.14.C30mdk.i586.rpm
 18168e188258d645ba33103a743af3cb  corporate/3.0/i586/xine-plugins-1-0.rc3.6.14.C30mdk.i586.rpm 
 11ff55c81b52559ff1b08bab917d63db  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.14.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 fad4ae51ebdd06fe3b3f7848994bc7f0  corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.14.C30mdk.x86_64.rpm
 0aeb5bb0a613d0fa13788c7f2c64c871  corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.14.C30mdk.x86_64.rpm
 755ab190b656fdbb9313189cce7f5a80  corporate/3.0/x86_64/xine-aa-1-0.rc3.6.14.C30mdk.x86_64.rpm
 ecf0b4ee0c12d1506432c297080bbb67  corporate/3.0/x86_64/xine-arts-1-0.rc3.6.14.C30mdk.x86_64.rpm
 8433359eaa5ec8987efe65e6ada96132  corporate/3.0/x86_64/xine-esd-1-0.rc3.6.14.C30mdk.x86_64.rpm
 bbb1ac4807f1e8a7960d8704c79c6134  corporate/3.0/x86_64/xine-flac-1-0.rc3.6.14.C30mdk.x86_64.rpm
 356f64f53ce7d552acc239cde30b60ea  corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.14.C30mdk.x86_64.rpm
 4661d21604ad2b6d2443e1ba357a9491  corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.14.C30mdk.x86_64.rpm 
 11ff55c81b52559ff1b08bab917d63db  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.14.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFdgJvmqjQ0CJFipgRAsGsAKC/hIBRO42PeuMhjv0q1Pe6S7SDigCg3Q90
6ILMjlqmpJ/U+9ga8dyvKZs=
=MYl3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ