lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HWyz3-0003DJ-IB@artemis.annvix.ca>
Date: Thu, 29 Mar 2007 12:04:25 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:071 ] - Updated xmms packages to address integer vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:071
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xmms
 Date    : March 29, 2007
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly
 other versions, allows user-assisted remote attackers to execute
 arbitrary code via crafted header information in a skin bitmap image,
 which triggers memory corruption. (CVE-2007-0653)
 
 Integer underflow in X MultiMedia System (xmms) 1.2.10 allows
 user-assisted remote attackers to execute arbitrary code via crafted
 header information in a skin bitmap image, which results in a stack-
 based buffer overflow. (CVE-2007-0654)
 
 Updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0653
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0654
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 e4e2ea4b6fafc1a9f1c04b90dfbd44ec  corporate/3.0/i586/libxmms1-1.2.9-5.1.C30mdk.i586.rpm
 f1123705c241b9f68346f6a31eeb6ae6  corporate/3.0/i586/libxmms1-devel-1.2.9-5.1.C30mdk.i586.rpm
 3a50d813a088920e00da2141cc2f8930  corporate/3.0/i586/xmms-1.2.9-5.1.C30mdk.i586.rpm
 fcc8444b30c3bb08f4a341edac0128ff  corporate/3.0/i586/xmms-alsa-1.2.9-5.1.C30mdk.i586.rpm
 79adbc46d0403e30204a48ba5c5b7b5c  corporate/3.0/i586/xmms-diskwriter-1.2.9-5.1.C30mdk.i586.rpm
 fd70b57aa74d0ab85879f37eeb65f077  corporate/3.0/i586/xmms-esd-1.2.9-5.1.C30mdk.i586.rpm
 2cbdff97924f5f36abb6928d1e5c66a5  corporate/3.0/i586/xmms-mesa-1.2.9-5.1.C30mdk.i586.rpm
 7b26d8e89bd3218a3e914bafab0f26ea  corporate/3.0/i586/xmms-mikmod-1.2.9-5.1.C30mdk.i586.rpm 
 99e91ac3f68cdff18d4930c26f96e864  corporate/3.0/SRPMS/xmms-1.2.9-5.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 709d0a91c3405d75188028e26d7b933c  corporate/3.0/x86_64/lib64xmms1-1.2.9-5.1.C30mdk.x86_64.rpm
 37de4ecd6aa2c70065f39e1d0f0f2cf3  corporate/3.0/x86_64/lib64xmms1-devel-1.2.9-5.1.C30mdk.x86_64.rpm
 f78f2fd4b3af81d953ed5d5103b1633d  corporate/3.0/x86_64/xmms-1.2.9-5.1.C30mdk.x86_64.rpm
 2d51b31f0be010a46a49c1ab76f3106d  corporate/3.0/x86_64/xmms-alsa-1.2.9-5.1.C30mdk.x86_64.rpm
 aaf48a4d11b6c72faa74d5cd68e32f98  corporate/3.0/x86_64/xmms-diskwriter-1.2.9-5.1.C30mdk.x86_64.rpm
 a0984dcc9099a5ba602c0553e782ffff  corporate/3.0/x86_64/xmms-esd-1.2.9-5.1.C30mdk.x86_64.rpm
 9c1e5c6380330195f4ba76f48a752d5c  corporate/3.0/x86_64/xmms-mesa-1.2.9-5.1.C30mdk.x86_64.rpm
 69af4c915f6f9db9353b388c7ca133f8  corporate/3.0/x86_64/xmms-mikmod-1.2.9-5.1.C30mdk.x86_64.rpm 
 99e91ac3f68cdff18d4930c26f96e864  corporate/3.0/SRPMS/xmms-1.2.9-5.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGC9TQmqjQ0CJFipgRAvFwAJ0YsZuPKZMoqovHdf3ROiYh53wTZgCg4RnI
4Qn5K3eOm6Baq+NkVGUYy5M=
=eGC8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ