lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JQ914-0000Kw-4I@artemis.annvix.ca>
Date: Fri, 15 Feb 2008 15:26:46 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:046 ] - Updated xine-lib package
 fixes arbitrary code execution vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:046
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : February 15, 2008
 Affected: 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 An array index vulnerability found in the FLAC audio demuxer might
 allow remote attackers to execute arbitrary code via a crafted FLAC
 tag, which triggers a buffer overflow. Although originally an MPlayer
 issue, it also affects xine-lib due to code similarity.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 92b105e8e45cc7c628cfea03b65e5ebc  2007.1/i586/libxine1-1.1.4-6.5mdv2007.1.i586.rpm
 8c10ae324cb8e3b02fe142cae8d86b23  2007.1/i586/libxine1-devel-1.1.4-6.5mdv2007.1.i586.rpm
 bb26522243e95621a475b886ebedacca  2007.1/i586/xine-aa-1.1.4-6.5mdv2007.1.i586.rpm
 5d01cf04b75ba1ad6a4b8e85448e7b78  2007.1/i586/xine-arts-1.1.4-6.5mdv2007.1.i586.rpm
 08be3876d609ee70b0966eaaa395085b  2007.1/i586/xine-caca-1.1.4-6.5mdv2007.1.i586.rpm
 b0702ce5b6e2bd2bc12c8a4b42e8ee30  2007.1/i586/xine-dxr3-1.1.4-6.5mdv2007.1.i586.rpm
 a1dd806006624254b89f9bc6c756bd2c  2007.1/i586/xine-esd-1.1.4-6.5mdv2007.1.i586.rpm
 b0218b6ae17e7874a0949055f1271365  2007.1/i586/xine-flac-1.1.4-6.5mdv2007.1.i586.rpm
 f7b59004050060fd3ebb83bbedc7d16a  2007.1/i586/xine-gnomevfs-1.1.4-6.5mdv2007.1.i586.rpm
 38ab5fb451a81ffcce9357a3884eeaff  2007.1/i586/xine-image-1.1.4-6.5mdv2007.1.i586.rpm
 ef5bbbf902ebf0b51a56a908ff79712c  2007.1/i586/xine-jack-1.1.4-6.5mdv2007.1.i586.rpm
 0add0fbbf3e70a84739e17d66b1c851d  2007.1/i586/xine-plugins-1.1.4-6.5mdv2007.1.i586.rpm
 50c7fda320ef57b995686477a5fbbfc4  2007.1/i586/xine-pulse-1.1.4-6.5mdv2007.1.i586.rpm
 f942f35a3d5b637b20f4b9e08c4912b8  2007.1/i586/xine-sdl-1.1.4-6.5mdv2007.1.i586.rpm
 7aa83070759e8ff44153f6422c5204dd  2007.1/i586/xine-smb-1.1.4-6.5mdv2007.1.i586.rpm 
 0d47a2b57fa073f8618bf57b149a9f42  2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 25893aeb0c101954c541a2f4f9c9c1da  2007.1/x86_64/lib64xine1-1.1.4-6.5mdv2007.1.x86_64.rpm
 1fb04166eecb9a1ab1e011a0f1ababb4  2007.1/x86_64/lib64xine1-devel-1.1.4-6.5mdv2007.1.x86_64.rpm
 3e48a4aafaa97bd47cb7c0bbb7ba1237  2007.1/x86_64/xine-aa-1.1.4-6.5mdv2007.1.x86_64.rpm
 bd2347ff386d44948c88c67485fb1b5a  2007.1/x86_64/xine-arts-1.1.4-6.5mdv2007.1.x86_64.rpm
 a509d9ebab2bf1941934d2cba759e770  2007.1/x86_64/xine-caca-1.1.4-6.5mdv2007.1.x86_64.rpm
 ba1b934caece9ae950e565d9a097b40e  2007.1/x86_64/xine-dxr3-1.1.4-6.5mdv2007.1.x86_64.rpm
 95297e819a47fdcae07625741d5eabeb  2007.1/x86_64/xine-esd-1.1.4-6.5mdv2007.1.x86_64.rpm
 8e8a92caa399113211cfd95336429ead  2007.1/x86_64/xine-flac-1.1.4-6.5mdv2007.1.x86_64.rpm
 90aa9c3977c15458fe0c0ac98b1dabb2  2007.1/x86_64/xine-gnomevfs-1.1.4-6.5mdv2007.1.x86_64.rpm
 28070563c3b364760a6fd9a93a0a64bd  2007.1/x86_64/xine-image-1.1.4-6.5mdv2007.1.x86_64.rpm
 1309d3ffbdaabeaf28f8476f94fb8105  2007.1/x86_64/xine-jack-1.1.4-6.5mdv2007.1.x86_64.rpm
 c268f6d3a92ebee7d444470d9948bd2c  2007.1/x86_64/xine-plugins-1.1.4-6.5mdv2007.1.x86_64.rpm
 46f6800167c1c8766cfa168e94a5ab89  2007.1/x86_64/xine-pulse-1.1.4-6.5mdv2007.1.x86_64.rpm
 88adcbb90e87e260eb79a1f6d4c11adc  2007.1/x86_64/xine-sdl-1.1.4-6.5mdv2007.1.x86_64.rpm
 fb5ef2d8db31b0c6da3db2401963d1f8  2007.1/x86_64/xine-smb-1.1.4-6.5mdv2007.1.x86_64.rpm 
 0d47a2b57fa073f8618bf57b149a9f42  2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 a006ee314a3487abda9f87844a418283  2008.0/i586/libxine-devel-1.1.8-4.3mdv2008.0.i586.rpm
 50300dd0ede82d905faa0148864ce5c3  2008.0/i586/libxine1-1.1.8-4.3mdv2008.0.i586.rpm
 f7354400019aa522a9b4c9183cdcbf01  2008.0/i586/xine-aa-1.1.8-4.3mdv2008.0.i586.rpm
 d9246649fabf1ec7d5ded73fc69389de  2008.0/i586/xine-caca-1.1.8-4.3mdv2008.0.i586.rpm
 17cfc011b27bbee2ded3e57840892f3e  2008.0/i586/xine-dxr3-1.1.8-4.3mdv2008.0.i586.rpm
 b3bc62b1d9704e4c387b9dc05ca78c21  2008.0/i586/xine-esd-1.1.8-4.3mdv2008.0.i586.rpm
 bfc01255d453d4b024a3b219077d1410  2008.0/i586/xine-flac-1.1.8-4.3mdv2008.0.i586.rpm
 76c62017cdd33345889c1582caf3b827  2008.0/i586/xine-gnomevfs-1.1.8-4.3mdv2008.0.i586.rpm
 512904d1519640475146f19449398d05  2008.0/i586/xine-image-1.1.8-4.3mdv2008.0.i586.rpm
 b854ed87d8b85e43c766d47267e61ef1  2008.0/i586/xine-jack-1.1.8-4.3mdv2008.0.i586.rpm
 b3b83be2f3b0a1e5125921b17bef5b21  2008.0/i586/xine-plugins-1.1.8-4.3mdv2008.0.i586.rpm
 781983b84a24bcd23ea7ed087b42d1bf  2008.0/i586/xine-pulse-1.1.8-4.3mdv2008.0.i586.rpm
 e7f7b472e8fd8bf30bc448fee29ae94d  2008.0/i586/xine-sdl-1.1.8-4.3mdv2008.0.i586.rpm
 00d5184581be159ba607b277d4b3326d  2008.0/i586/xine-smb-1.1.8-4.3mdv2008.0.i586.rpm 
 bc6508f3f527de2c25039bc3bff359d4  2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 ac5c1cf34cf85bd33c60a9707aa851d4  2008.0/x86_64/lib64xine-devel-1.1.8-4.3mdv2008.0.x86_64.rpm
 2b995c0f69aa471d4700e5721b67a8af  2008.0/x86_64/lib64xine1-1.1.8-4.3mdv2008.0.x86_64.rpm
 cace153adb4181e62fdf6b9cbc715ab9  2008.0/x86_64/xine-aa-1.1.8-4.3mdv2008.0.x86_64.rpm
 d5c963ebc4814b1642937959531de6bf  2008.0/x86_64/xine-caca-1.1.8-4.3mdv2008.0.x86_64.rpm
 a20718c6f1abe8c06afb98ae52f36208  2008.0/x86_64/xine-dxr3-1.1.8-4.3mdv2008.0.x86_64.rpm
 fd4f65b926b4d9d3e5f734bfce8b7cbb  2008.0/x86_64/xine-esd-1.1.8-4.3mdv2008.0.x86_64.rpm
 e9f18928c5ed86e531545b98f721102b  2008.0/x86_64/xine-flac-1.1.8-4.3mdv2008.0.x86_64.rpm
 0cad217d2138a6f6597db02714a5c0e8  2008.0/x86_64/xine-gnomevfs-1.1.8-4.3mdv2008.0.x86_64.rpm
 3d2a618e0cc44cf47c0556ce6cc09bd9  2008.0/x86_64/xine-image-1.1.8-4.3mdv2008.0.x86_64.rpm
 14baefc41749868298378b2d637c62b0  2008.0/x86_64/xine-jack-1.1.8-4.3mdv2008.0.x86_64.rpm
 ef3bc2769f717ac9bc6f8a1f6c801f30  2008.0/x86_64/xine-plugins-1.1.8-4.3mdv2008.0.x86_64.rpm
 8296113a6b5db2f3846dd2c28755f583  2008.0/x86_64/xine-pulse-1.1.8-4.3mdv2008.0.x86_64.rpm
 37745a135e8fafd10e31731048d5b58a  2008.0/x86_64/xine-sdl-1.1.8-4.3mdv2008.0.x86_64.rpm
 5493e7511c3b601ffcc0632a8beab66c  2008.0/x86_64/xine-smb-1.1.8-4.3mdv2008.0.x86_64.rpm 
 bc6508f3f527de2c25039bc3bff359d4  2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHtecEmqjQ0CJFipgRAp/oAKDAs0GcPuf5v18wYBF+L2JNUCA4yQCfWnc3
ZNRY5WdeYXIevrA4KN0S9y4=
=x1LB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ