[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1KC0Qe-0005RX-Ht@titan.mandriva.com>
Date: Thu, 26 Jun 2008 16:59:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:124 ] - Updated xine-lib packages
fix vulnerability in Speex decoder
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:124
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : June 26, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________
Problem Description:
A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).
Xine-lib is similarly affected by this issue.
As well, the previous version of xine as provided in Mandriva Linux
2008.1 would crash when playing matroska files, and a regression was
introduced that prevented Amarok from playing m4a files.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
http://qa.mandriva.com/show_bug.cgi?id=39768
http://qa.mandriva.com/show_bug.cgi?id=40928
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
ad845d6dc3353c1ca97f5aa95d992ff1 2008.0/i586/libxine1-1.1.8-4.6mdv2008.0.i586.rpm
ae9a07c197291e8a274a276946c5b757 2008.0/i586/libxine-devel-1.1.8-4.6mdv2008.0.i586.rpm
b9b9ce8553746b0628b4183ea2ce4b6d 2008.0/i586/xine-aa-1.1.8-4.6mdv2008.0.i586.rpm
17c32afdfbde86f0f31097f984177d65 2008.0/i586/xine-caca-1.1.8-4.6mdv2008.0.i586.rpm
fbd3c46574aa4ffbe8cb406c4dc88417 2008.0/i586/xine-dxr3-1.1.8-4.6mdv2008.0.i586.rpm
f9d4d16bb9f172cf493b739bb454e9df 2008.0/i586/xine-esd-1.1.8-4.6mdv2008.0.i586.rpm
558accfe2cc33255ccad98d6a8441064 2008.0/i586/xine-flac-1.1.8-4.6mdv2008.0.i586.rpm
264cc6cdbce7b1f6c83e343c187cb509 2008.0/i586/xine-gnomevfs-1.1.8-4.6mdv2008.0.i586.rpm
2aed56b1bbd7a6c3354fe75f53b4f3e2 2008.0/i586/xine-image-1.1.8-4.6mdv2008.0.i586.rpm
e05266e2becad52ebda0cb8c02ae13b3 2008.0/i586/xine-jack-1.1.8-4.6mdv2008.0.i586.rpm
016e9b18b74eed89bf2f200e7174b3cb 2008.0/i586/xine-plugins-1.1.8-4.6mdv2008.0.i586.rpm
b3346291b6428d1add2fa62055cd492a 2008.0/i586/xine-pulse-1.1.8-4.6mdv2008.0.i586.rpm
12346f664080c9cf162f235de7f91ad4 2008.0/i586/xine-sdl-1.1.8-4.6mdv2008.0.i586.rpm
36965664cca748ae612cc6d178122ae8 2008.0/i586/xine-smb-1.1.8-4.6mdv2008.0.i586.rpm
ac597fd40a0b449cd4f1692ccb759572 2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
b1cb0d0f17d17c4c82040f8688019578 2008.0/x86_64/lib64xine1-1.1.8-4.6mdv2008.0.x86_64.rpm
ea2ea3354c51cb308334b5ba29e23a18 2008.0/x86_64/lib64xine-devel-1.1.8-4.6mdv2008.0.x86_64.rpm
624b0ccb940a022fd4aeda527df52bf5 2008.0/x86_64/xine-aa-1.1.8-4.6mdv2008.0.x86_64.rpm
c50654970f441adf19bb3df7b63552a9 2008.0/x86_64/xine-caca-1.1.8-4.6mdv2008.0.x86_64.rpm
1dc6495f61075962070fa17686ab4672 2008.0/x86_64/xine-dxr3-1.1.8-4.6mdv2008.0.x86_64.rpm
90f792c06169cb9856a4fc5ff3755107 2008.0/x86_64/xine-esd-1.1.8-4.6mdv2008.0.x86_64.rpm
00caa1c8cfd859ced79bd4917306aa5f 2008.0/x86_64/xine-flac-1.1.8-4.6mdv2008.0.x86_64.rpm
5c03fc3b2167d7a10d6fbb63011bfb76 2008.0/x86_64/xine-gnomevfs-1.1.8-4.6mdv2008.0.x86_64.rpm
df2406c34d7d157d3eaaa644b07833c1 2008.0/x86_64/xine-image-1.1.8-4.6mdv2008.0.x86_64.rpm
76983bf74762c4bd66f849823ac2f553 2008.0/x86_64/xine-jack-1.1.8-4.6mdv2008.0.x86_64.rpm
dd31feadafd83e1f454627064ebca047 2008.0/x86_64/xine-plugins-1.1.8-4.6mdv2008.0.x86_64.rpm
458aeeac225e2c46dcda2a7f5e74701a 2008.0/x86_64/xine-pulse-1.1.8-4.6mdv2008.0.x86_64.rpm
fac50b5c5b9de0862c01344e7a6c0be6 2008.0/x86_64/xine-sdl-1.1.8-4.6mdv2008.0.x86_64.rpm
bf1935546d1de8e7df0c05076a1605bd 2008.0/x86_64/xine-smb-1.1.8-4.6mdv2008.0.x86_64.rpm
ac597fd40a0b449cd4f1692ccb759572 2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm
Mandriva Linux 2008.1:
eeb22b316f3d0bdd9955b5a2ca0c2b03 2008.1/i586/libxine1-1.1.11.1-4.1mdv2008.1.i586.rpm
69c0fbda734b369c97681226b81e2222 2008.1/i586/libxine-devel-1.1.11.1-4.1mdv2008.1.i586.rpm
11bb713825922a33db78225abc311aac 2008.1/i586/xine-aa-1.1.11.1-4.1mdv2008.1.i586.rpm
aaee08af70d438550e402189d0234cec 2008.1/i586/xine-caca-1.1.11.1-4.1mdv2008.1.i586.rpm
c803ac9dc7d0cf116bc10c5f14b8ed2e 2008.1/i586/xine-dxr3-1.1.11.1-4.1mdv2008.1.i586.rpm
e3c997f1133f1771135e547555e1ca59 2008.1/i586/xine-esd-1.1.11.1-4.1mdv2008.1.i586.rpm
ce3a12266a4f02ce88cc722e4a1d6b37 2008.1/i586/xine-flac-1.1.11.1-4.1mdv2008.1.i586.rpm
2e8612901990c5cd3fcb914c4acef7ec 2008.1/i586/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.i586.rpm
dc3cd131c7b7f78bc30b59fe8c16644f 2008.1/i586/xine-image-1.1.11.1-4.1mdv2008.1.i586.rpm
22535a08aabcd7b2966d19d06c6e902f 2008.1/i586/xine-jack-1.1.11.1-4.1mdv2008.1.i586.rpm
eb17455995a3d8c43ff5ce8f33874f5a 2008.1/i586/xine-plugins-1.1.11.1-4.1mdv2008.1.i586.rpm
3cf5abf164c2eb4669d693bc8045e0eb 2008.1/i586/xine-pulse-1.1.11.1-4.1mdv2008.1.i586.rpm
2a2cb49ab2e45a345ee21742f151e58f 2008.1/i586/xine-sdl-1.1.11.1-4.1mdv2008.1.i586.rpm
14928bb6d625aa65130be890b27745e0 2008.1/i586/xine-smb-1.1.11.1-4.1mdv2008.1.i586.rpm
943a02cdd396ac7645622dff0eeec140 2008.1/i586/xine-wavpack-1.1.11.1-4.1mdv2008.1.i586.rpm
c0d83761ba92778f6dbc87e581119a71 2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
d1ac37f198a848d49cda7880dcc23102 2008.1/x86_64/lib64xine1-1.1.11.1-4.1mdv2008.1.x86_64.rpm
ea6903d6592b1d5922a102a93ca6ea99 2008.1/x86_64/lib64xine-devel-1.1.11.1-4.1mdv2008.1.x86_64.rpm
9e90e2ad00a78832bd578fc15f9f8b13 2008.1/x86_64/xine-aa-1.1.11.1-4.1mdv2008.1.x86_64.rpm
6ae941e81d86abf75b39d7006dc9734d 2008.1/x86_64/xine-caca-1.1.11.1-4.1mdv2008.1.x86_64.rpm
a59961f56512404d607efacffa5793c4 2008.1/x86_64/xine-dxr3-1.1.11.1-4.1mdv2008.1.x86_64.rpm
01f42963ea50d644e7351790b8a24b94 2008.1/x86_64/xine-esd-1.1.11.1-4.1mdv2008.1.x86_64.rpm
d7c790f3019049aaf14714f38b3d81ac 2008.1/x86_64/xine-flac-1.1.11.1-4.1mdv2008.1.x86_64.rpm
2c12d76b5848845ad4de5c1bdf7a32ad 2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.x86_64.rpm
628ae9d2ac10eaf6d3b02dd0ba2abcae 2008.1/x86_64/xine-image-1.1.11.1-4.1mdv2008.1.x86_64.rpm
c008ce2ab72809ab87d93c23deb4d195 2008.1/x86_64/xine-jack-1.1.11.1-4.1mdv2008.1.x86_64.rpm
559544de22e927b9d28d244b029e0d54 2008.1/x86_64/xine-plugins-1.1.11.1-4.1mdv2008.1.x86_64.rpm
24b4fe41ecaf1f4d91ecbce88ab61b67 2008.1/x86_64/xine-pulse-1.1.11.1-4.1mdv2008.1.x86_64.rpm
64ba32889ddf4c0c9664d49b06efe607 2008.1/x86_64/xine-sdl-1.1.11.1-4.1mdv2008.1.x86_64.rpm
8867bb990ec77a42ea20886d3500d94d 2008.1/x86_64/xine-smb-1.1.11.1-4.1mdv2008.1.x86_64.rpm
b10ee4d5faa7e8379d0d9cb6d02c74f1 2008.1/x86_64/xine-wavpack-1.1.11.1-4.1mdv2008.1.x86_64.rpm
c0d83761ba92778f6dbc87e581119a71 2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIY/TZmqjQ0CJFipgRAjh9AJ908v/XFv77z2Mtn+TOViX70b6pFQCgxsvQ
r32dc/MX7NEK0SjVT6EvrD8=
=d+Iw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists