Message-Id: <E1GT67h-0006Je-0U@mercury.mandriva.com>
Date: Thu, 28 Sep 2006 18:21:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2006:176 ] - Updated xine-lib packages
	fix buffer overflow vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:176
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : September 28, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Xine-lib uses an embedded copy of ffmpeg and as such has been updated
 to address the following issue:  Multiple buffer overflows in
 libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
 cause a denial of service or possibly execute arbitrary code via
 multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,
 (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)
 cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
 NOTE: it is likely that this is a different vulnerability than
 CVE-2005-4048 and CVE-2006-2802.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHDosmqjQ0CJFipgRAvIwAJ9ksuDWipI2eiizX1c1z63pikV6ZgCglg46
5adSZ8Y+mHDBnF10FxZxh6Q=
=Eqae
-----END PGP SIGNATURE-----
