lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1KC0Qe-0005RX-Ht@titan.mandriva.com>
Date: Thu, 26 Jun 2008 16:59:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:124 ] - Updated xine-lib packages
 fix vulnerability in Speex decoder


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:124
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : June 26, 2008
 Affected: 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the Speex library was found where it did not
 properly validate input values read from the Speex files headers.
 An attacker could create a malicious Speex file that would crash an
 application or potentially allow the execution of arbitrary code
 with the privileges of the application calling the Speex library
 (CVE-2008-1686).
 
 Xine-lib is similarly affected by this issue.
 
 As well, the previous version of xine as provided in Mandriva Linux
 2008.1 would crash when playing matroska files, and a regression was
 introduced that prevented Amarok from playing m4a files.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
 http://qa.mandriva.com/show_bug.cgi?id=39768
 http://qa.mandriva.com/show_bug.cgi?id=40928
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.0:
 ad845d6dc3353c1ca97f5aa95d992ff1  2008.0/i586/libxine1-1.1.8-4.6mdv2008.0.i586.rpm
 ae9a07c197291e8a274a276946c5b757  2008.0/i586/libxine-devel-1.1.8-4.6mdv2008.0.i586.rpm
 b9b9ce8553746b0628b4183ea2ce4b6d  2008.0/i586/xine-aa-1.1.8-4.6mdv2008.0.i586.rpm
 17c32afdfbde86f0f31097f984177d65  2008.0/i586/xine-caca-1.1.8-4.6mdv2008.0.i586.rpm
 fbd3c46574aa4ffbe8cb406c4dc88417  2008.0/i586/xine-dxr3-1.1.8-4.6mdv2008.0.i586.rpm
 f9d4d16bb9f172cf493b739bb454e9df  2008.0/i586/xine-esd-1.1.8-4.6mdv2008.0.i586.rpm
 558accfe2cc33255ccad98d6a8441064  2008.0/i586/xine-flac-1.1.8-4.6mdv2008.0.i586.rpm
 264cc6cdbce7b1f6c83e343c187cb509  2008.0/i586/xine-gnomevfs-1.1.8-4.6mdv2008.0.i586.rpm
 2aed56b1bbd7a6c3354fe75f53b4f3e2  2008.0/i586/xine-image-1.1.8-4.6mdv2008.0.i586.rpm
 e05266e2becad52ebda0cb8c02ae13b3  2008.0/i586/xine-jack-1.1.8-4.6mdv2008.0.i586.rpm
 016e9b18b74eed89bf2f200e7174b3cb  2008.0/i586/xine-plugins-1.1.8-4.6mdv2008.0.i586.rpm
 b3346291b6428d1add2fa62055cd492a  2008.0/i586/xine-pulse-1.1.8-4.6mdv2008.0.i586.rpm
 12346f664080c9cf162f235de7f91ad4  2008.0/i586/xine-sdl-1.1.8-4.6mdv2008.0.i586.rpm
 36965664cca748ae612cc6d178122ae8  2008.0/i586/xine-smb-1.1.8-4.6mdv2008.0.i586.rpm 
 ac597fd40a0b449cd4f1692ccb759572  2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b1cb0d0f17d17c4c82040f8688019578  2008.0/x86_64/lib64xine1-1.1.8-4.6mdv2008.0.x86_64.rpm
 ea2ea3354c51cb308334b5ba29e23a18  2008.0/x86_64/lib64xine-devel-1.1.8-4.6mdv2008.0.x86_64.rpm
 624b0ccb940a022fd4aeda527df52bf5  2008.0/x86_64/xine-aa-1.1.8-4.6mdv2008.0.x86_64.rpm
 c50654970f441adf19bb3df7b63552a9  2008.0/x86_64/xine-caca-1.1.8-4.6mdv2008.0.x86_64.rpm
 1dc6495f61075962070fa17686ab4672  2008.0/x86_64/xine-dxr3-1.1.8-4.6mdv2008.0.x86_64.rpm
 90f792c06169cb9856a4fc5ff3755107  2008.0/x86_64/xine-esd-1.1.8-4.6mdv2008.0.x86_64.rpm
 00caa1c8cfd859ced79bd4917306aa5f  2008.0/x86_64/xine-flac-1.1.8-4.6mdv2008.0.x86_64.rpm
 5c03fc3b2167d7a10d6fbb63011bfb76  2008.0/x86_64/xine-gnomevfs-1.1.8-4.6mdv2008.0.x86_64.rpm
 df2406c34d7d157d3eaaa644b07833c1  2008.0/x86_64/xine-image-1.1.8-4.6mdv2008.0.x86_64.rpm
 76983bf74762c4bd66f849823ac2f553  2008.0/x86_64/xine-jack-1.1.8-4.6mdv2008.0.x86_64.rpm
 dd31feadafd83e1f454627064ebca047  2008.0/x86_64/xine-plugins-1.1.8-4.6mdv2008.0.x86_64.rpm
 458aeeac225e2c46dcda2a7f5e74701a  2008.0/x86_64/xine-pulse-1.1.8-4.6mdv2008.0.x86_64.rpm
 fac50b5c5b9de0862c01344e7a6c0be6  2008.0/x86_64/xine-sdl-1.1.8-4.6mdv2008.0.x86_64.rpm
 bf1935546d1de8e7df0c05076a1605bd  2008.0/x86_64/xine-smb-1.1.8-4.6mdv2008.0.x86_64.rpm 
 ac597fd40a0b449cd4f1692ccb759572  2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 eeb22b316f3d0bdd9955b5a2ca0c2b03  2008.1/i586/libxine1-1.1.11.1-4.1mdv2008.1.i586.rpm
 69c0fbda734b369c97681226b81e2222  2008.1/i586/libxine-devel-1.1.11.1-4.1mdv2008.1.i586.rpm
 11bb713825922a33db78225abc311aac  2008.1/i586/xine-aa-1.1.11.1-4.1mdv2008.1.i586.rpm
 aaee08af70d438550e402189d0234cec  2008.1/i586/xine-caca-1.1.11.1-4.1mdv2008.1.i586.rpm
 c803ac9dc7d0cf116bc10c5f14b8ed2e  2008.1/i586/xine-dxr3-1.1.11.1-4.1mdv2008.1.i586.rpm
 e3c997f1133f1771135e547555e1ca59  2008.1/i586/xine-esd-1.1.11.1-4.1mdv2008.1.i586.rpm
 ce3a12266a4f02ce88cc722e4a1d6b37  2008.1/i586/xine-flac-1.1.11.1-4.1mdv2008.1.i586.rpm
 2e8612901990c5cd3fcb914c4acef7ec  2008.1/i586/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.i586.rpm
 dc3cd131c7b7f78bc30b59fe8c16644f  2008.1/i586/xine-image-1.1.11.1-4.1mdv2008.1.i586.rpm
 22535a08aabcd7b2966d19d06c6e902f  2008.1/i586/xine-jack-1.1.11.1-4.1mdv2008.1.i586.rpm
 eb17455995a3d8c43ff5ce8f33874f5a  2008.1/i586/xine-plugins-1.1.11.1-4.1mdv2008.1.i586.rpm
 3cf5abf164c2eb4669d693bc8045e0eb  2008.1/i586/xine-pulse-1.1.11.1-4.1mdv2008.1.i586.rpm
 2a2cb49ab2e45a345ee21742f151e58f  2008.1/i586/xine-sdl-1.1.11.1-4.1mdv2008.1.i586.rpm
 14928bb6d625aa65130be890b27745e0  2008.1/i586/xine-smb-1.1.11.1-4.1mdv2008.1.i586.rpm
 943a02cdd396ac7645622dff0eeec140  2008.1/i586/xine-wavpack-1.1.11.1-4.1mdv2008.1.i586.rpm 
 c0d83761ba92778f6dbc87e581119a71  2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 d1ac37f198a848d49cda7880dcc23102  2008.1/x86_64/lib64xine1-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 ea6903d6592b1d5922a102a93ca6ea99  2008.1/x86_64/lib64xine-devel-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 9e90e2ad00a78832bd578fc15f9f8b13  2008.1/x86_64/xine-aa-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 6ae941e81d86abf75b39d7006dc9734d  2008.1/x86_64/xine-caca-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 a59961f56512404d607efacffa5793c4  2008.1/x86_64/xine-dxr3-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 01f42963ea50d644e7351790b8a24b94  2008.1/x86_64/xine-esd-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 d7c790f3019049aaf14714f38b3d81ac  2008.1/x86_64/xine-flac-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 2c12d76b5848845ad4de5c1bdf7a32ad  2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 628ae9d2ac10eaf6d3b02dd0ba2abcae  2008.1/x86_64/xine-image-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 c008ce2ab72809ab87d93c23deb4d195  2008.1/x86_64/xine-jack-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 559544de22e927b9d28d244b029e0d54  2008.1/x86_64/xine-plugins-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 24b4fe41ecaf1f4d91ecbce88ab61b67  2008.1/x86_64/xine-pulse-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 64ba32889ddf4c0c9664d49b06efe607  2008.1/x86_64/xine-sdl-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 8867bb990ec77a42ea20886d3500d94d  2008.1/x86_64/xine-smb-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 b10ee4d5faa7e8379d0d9cb6d02c74f1  2008.1/x86_64/xine-wavpack-1.1.11.1-4.1mdv2008.1.x86_64.rpm 
 c0d83761ba92778f6dbc87e581119a71  2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIY/TZmqjQ0CJFipgRAjh9AJ908v/XFv77z2Mtn+TOViX70b6pFQCgxsvQ
r32dc/MX7NEK0SjVT6EvrD8=
=d+Iw
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ