| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Feb 2008 15:26:46 -0700 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:046 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xine-lib Date : February 15, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 92b105e8e45cc7c628cfea03b65e5ebc 2007.1/i586/libxine1-1.1.4-6.5mdv2007.1.i586.rpm 8c10ae324cb8e3b02fe142cae8d86b23 2007.1/i586/libxine1-devel-1.1.4-6.5mdv2007.1.i586.rpm bb26522243e95621a475b886ebedacca 2007.1/i586/xine-aa-1.1.4-6.5mdv2007.1.i586.rpm 5d01cf04b75ba1ad6a4b8e85448e7b78 2007.1/i586/xine-arts-1.1.4-6.5mdv2007.1.i586.rpm 08be3876d609ee70b0966eaaa395085b 2007.1/i586/xine-caca-1.1.4-6.5mdv2007.1.i586.rpm b0702ce5b6e2bd2bc12c8a4b42e8ee30 2007.1/i586/xine-dxr3-1.1.4-6.5mdv2007.1.i586.rpm a1dd806006624254b89f9bc6c756bd2c 2007.1/i586/xine-esd-1.1.4-6.5mdv2007.1.i586.rpm b0218b6ae17e7874a0949055f1271365 2007.1/i586/xine-flac-1.1.4-6.5mdv2007.1.i586.rpm f7b59004050060fd3ebb83bbedc7d16a 2007.1/i586/xine-gnomevfs-1.1.4-6.5mdv2007.1.i586.rpm 38ab5fb451a81ffcce9357a3884eeaff 2007.1/i586/xine-image-1.1.4-6.5mdv2007.1.i586.rpm ef5bbbf902ebf0b51a56a908ff79712c 2007.1/i586/xine-jack-1.1.4-6.5mdv2007.1.i586.rpm 0add0fbbf3e70a84739e17d66b1c851d 2007.1/i586/xine-plugins-1.1.4-6.5mdv2007.1.i586.rpm 50c7fda320ef57b995686477a5fbbfc4 2007.1/i586/xine-pulse-1.1.4-6.5mdv2007.1.i586.rpm f942f35a3d5b637b20f4b9e08c4912b8 2007.1/i586/xine-sdl-1.1.4-6.5mdv2007.1.i586.rpm 7aa83070759e8ff44153f6422c5204dd 2007.1/i586/xine-smb-1.1.4-6.5mdv2007.1.i586.rpm 0d47a2b57fa073f8618bf57b149a9f42 2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 25893aeb0c101954c541a2f4f9c9c1da 2007.1/x86_64/lib64xine1-1.1.4-6.5mdv2007.1.x86_64.rpm 1fb04166eecb9a1ab1e011a0f1ababb4 2007.1/x86_64/lib64xine1-devel-1.1.4-6.5mdv2007.1.x86_64.rpm 3e48a4aafaa97bd47cb7c0bbb7ba1237 2007.1/x86_64/xine-aa-1.1.4-6.5mdv2007.1.x86_64.rpm bd2347ff386d44948c88c67485fb1b5a 2007.1/x86_64/xine-arts-1.1.4-6.5mdv2007.1.x86_64.rpm a509d9ebab2bf1941934d2cba759e770 2007.1/x86_64/xine-caca-1.1.4-6.5mdv2007.1.x86_64.rpm ba1b934caece9ae950e565d9a097b40e 2007.1/x86_64/xine-dxr3-1.1.4-6.5mdv2007.1.x86_64.rpm 95297e819a47fdcae07625741d5eabeb 2007.1/x86_64/xine-esd-1.1.4-6.5mdv2007.1.x86_64.rpm 8e8a92caa399113211cfd95336429ead 2007.1/x86_64/xine-flac-1.1.4-6.5mdv2007.1.x86_64.rpm 90aa9c3977c15458fe0c0ac98b1dabb2 2007.1/x86_64/xine-gnomevfs-1.1.4-6.5mdv2007.1.x86_64.rpm 28070563c3b364760a6fd9a93a0a64bd 2007.1/x86_64/xine-image-1.1.4-6.5mdv2007.1.x86_64.rpm 1309d3ffbdaabeaf28f8476f94fb8105 2007.1/x86_64/xine-jack-1.1.4-6.5mdv2007.1.x86_64.rpm c268f6d3a92ebee7d444470d9948bd2c 2007.1/x86_64/xine-plugins-1.1.4-6.5mdv2007.1.x86_64.rpm 46f6800167c1c8766cfa168e94a5ab89 2007.1/x86_64/xine-pulse-1.1.4-6.5mdv2007.1.x86_64.rpm 88adcbb90e87e260eb79a1f6d4c11adc 2007.1/x86_64/xine-sdl-1.1.4-6.5mdv2007.1.x86_64.rpm fb5ef2d8db31b0c6da3db2401963d1f8 2007.1/x86_64/xine-smb-1.1.4-6.5mdv2007.1.x86_64.rpm 0d47a2b57fa073f8618bf57b149a9f42 2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm Mandriva Linux 2008.0: a006ee314a3487abda9f87844a418283 2008.0/i586/libxine-devel-1.1.8-4.3mdv2008.0.i586.rpm 50300dd0ede82d905faa0148864ce5c3 2008.0/i586/libxine1-1.1.8-4.3mdv2008.0.i586.rpm f7354400019aa522a9b4c9183cdcbf01 2008.0/i586/xine-aa-1.1.8-4.3mdv2008.0.i586.rpm d9246649fabf1ec7d5ded73fc69389de 2008.0/i586/xine-caca-1.1.8-4.3mdv2008.0.i586.rpm 17cfc011b27bbee2ded3e57840892f3e 2008.0/i586/xine-dxr3-1.1.8-4.3mdv2008.0.i586.rpm b3bc62b1d9704e4c387b9dc05ca78c21 2008.0/i586/xine-esd-1.1.8-4.3mdv2008.0.i586.rpm bfc01255d453d4b024a3b219077d1410 2008.0/i586/xine-flac-1.1.8-4.3mdv2008.0.i586.rpm 76c62017cdd33345889c1582caf3b827 2008.0/i586/xine-gnomevfs-1.1.8-4.3mdv2008.0.i586.rpm 512904d1519640475146f19449398d05 2008.0/i586/xine-image-1.1.8-4.3mdv2008.0.i586.rpm b854ed87d8b85e43c766d47267e61ef1 2008.0/i586/xine-jack-1.1.8-4.3mdv2008.0.i586.rpm b3b83be2f3b0a1e5125921b17bef5b21 2008.0/i586/xine-plugins-1.1.8-4.3mdv2008.0.i586.rpm 781983b84a24bcd23ea7ed087b42d1bf 2008.0/i586/xine-pulse-1.1.8-4.3mdv2008.0.i586.rpm e7f7b472e8fd8bf30bc448fee29ae94d 2008.0/i586/xine-sdl-1.1.8-4.3mdv2008.0.i586.rpm 00d5184581be159ba607b277d4b3326d 2008.0/i586/xine-smb-1.1.8-4.3mdv2008.0.i586.rpm bc6508f3f527de2c25039bc3bff359d4 2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: ac5c1cf34cf85bd33c60a9707aa851d4 2008.0/x86_64/lib64xine-devel-1.1.8-4.3mdv2008.0.x86_64.rpm 2b995c0f69aa471d4700e5721b67a8af 2008.0/x86_64/lib64xine1-1.1.8-4.3mdv2008.0.x86_64.rpm cace153adb4181e62fdf6b9cbc715ab9 2008.0/x86_64/xine-aa-1.1.8-4.3mdv2008.0.x86_64.rpm d5c963ebc4814b1642937959531de6bf 2008.0/x86_64/xine-caca-1.1.8-4.3mdv2008.0.x86_64.rpm a20718c6f1abe8c06afb98ae52f36208 2008.0/x86_64/xine-dxr3-1.1.8-4.3mdv2008.0.x86_64.rpm fd4f65b926b4d9d3e5f734bfce8b7cbb 2008.0/x86_64/xine-esd-1.1.8-4.3mdv2008.0.x86_64.rpm e9f18928c5ed86e531545b98f721102b 2008.0/x86_64/xine-flac-1.1.8-4.3mdv2008.0.x86_64.rpm 0cad217d2138a6f6597db02714a5c0e8 2008.0/x86_64/xine-gnomevfs-1.1.8-4.3mdv2008.0.x86_64.rpm 3d2a618e0cc44cf47c0556ce6cc09bd9 2008.0/x86_64/xine-image-1.1.8-4.3mdv2008.0.x86_64.rpm 14baefc41749868298378b2d637c62b0 2008.0/x86_64/xine-jack-1.1.8-4.3mdv2008.0.x86_64.rpm ef3bc2769f717ac9bc6f8a1f6c801f30 2008.0/x86_64/xine-plugins-1.1.8-4.3mdv2008.0.x86_64.rpm 8296113a6b5db2f3846dd2c28755f583 2008.0/x86_64/xine-pulse-1.1.8-4.3mdv2008.0.x86_64.rpm 37745a135e8fafd10e31731048d5b58a 2008.0/x86_64/xine-sdl-1.1.8-4.3mdv2008.0.x86_64.rpm 5493e7511c3b601ffcc0632a8beab66c 2008.0/x86_64/xine-smb-1.1.8-4.3mdv2008.0.x86_64.rpm bc6508f3f527de2c25039bc3bff359d4 2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHtecEmqjQ0CJFipgRAp/oAKDAs0GcPuf5v18wYBF+L2JNUCA4yQCfWnc3 ZNRY5WdeYXIevrA4KN0S9y4= =x1LB -----END PGP SIGNATURE-----
Powered by blists - more mailing lists