lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KW0u1-0004KO-Hy@titan.mandriva.com>
Date: Wed, 20 Aug 2008 21:32:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:177 ] xine-lib


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:177
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xine-lib
 Date    : August 20, 2008
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 Guido Landi found A stack-based buffer overflow in xine-lib
 that could allow a remote attacker to cause a denial of service
 (crash) and potentially execute arbitrary code via a long NSF title
 (CVE-2008-1878).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 10db71c6a43508d36ba8d93f290f72d6  2008.1/i586/libxine1-1.1.11.1-4.2mdv2008.1.i586.rpm
 106e82cbd1e2ed40f533fe6d28f2ccfb  2008.1/i586/libxine-devel-1.1.11.1-4.2mdv2008.1.i586.rpm
 80f94cbfc8be99ea04de884066a5b95e  2008.1/i586/xine-aa-1.1.11.1-4.2mdv2008.1.i586.rpm
 9d42258f0e3ae0128d054ae53805cbd8  2008.1/i586/xine-caca-1.1.11.1-4.2mdv2008.1.i586.rpm
 31d7177e7ae1b81e89fc28811ba4567e  2008.1/i586/xine-dxr3-1.1.11.1-4.2mdv2008.1.i586.rpm
 b0a98953adc702b1921135412ad603cd  2008.1/i586/xine-esd-1.1.11.1-4.2mdv2008.1.i586.rpm
 086ee1475478bd3e64a3dc4b9f677dcd  2008.1/i586/xine-flac-1.1.11.1-4.2mdv2008.1.i586.rpm
 43e7881b465be3ed1df25247af758692  2008.1/i586/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.i586.rpm
 e07999dc5149e38ed39a778e46298523  2008.1/i586/xine-image-1.1.11.1-4.2mdv2008.1.i586.rpm
 fdc64b384993234582716d49beadd3e0  2008.1/i586/xine-jack-1.1.11.1-4.2mdv2008.1.i586.rpm
 6ec501e08df57145bcf1eeb4730f43dd  2008.1/i586/xine-plugins-1.1.11.1-4.2mdv2008.1.i586.rpm
 6d0a6630688d65cad364fb4b60449867  2008.1/i586/xine-pulse-1.1.11.1-4.2mdv2008.1.i586.rpm
 cb42e25b94a5c6bbf640878cedef4ab1  2008.1/i586/xine-sdl-1.1.11.1-4.2mdv2008.1.i586.rpm
 61dc627d3b187ba4cf0281b956b7fa56  2008.1/i586/xine-smb-1.1.11.1-4.2mdv2008.1.i586.rpm
 b032fa9c5083bcc6130b550983efb024  2008.1/i586/xine-wavpack-1.1.11.1-4.2mdv2008.1.i586.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a9ff3e2ff6df1a32a53f5c18d4f0385a  2008.1/x86_64/lib64xine1-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 87c32e02d5cd1fb408e934a2dc3007ba  2008.1/x86_64/lib64xine-devel-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 59375c9ce1868bb410b03851d6798718  2008.1/x86_64/xine-aa-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 f45bcfce4d66d8a2b683371dd7030e37  2008.1/x86_64/xine-caca-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 4775483c71308e162ef87b99ac303d90  2008.1/x86_64/xine-dxr3-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 bdb716d2e1bd7477a78cba9725b93b90  2008.1/x86_64/xine-esd-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 5bfe733f4a30232c91c573238fc3beb2  2008.1/x86_64/xine-flac-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 7ac3d2c4b723f5e72727d8719d50b35c  2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 401c5dbc008597aa06774b3eeb02e57d  2008.1/x86_64/xine-image-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 2957efe6941036a9f97621068587614f  2008.1/x86_64/xine-jack-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 acdba1ff341e79ce14b31aeecfb5d573  2008.1/x86_64/xine-plugins-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 0b5a46d078f22d304e413e7772992903  2008.1/x86_64/xine-pulse-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 312ef813d09a5dfd7456e9a3a500fc06  2008.1/x86_64/xine-sdl-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 ad61d3fd3e66e92f18464e5622cba4c3  2008.1/x86_64/xine-smb-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 74380a1f6f47ae4ba8f88031b39304a5  2008.1/x86_64/xine-wavpack-1.1.11.1-4.2mdv2008.1.x86_64.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrLcLmqjQ0CJFipgRAp23AJ49CR1uJr/8p9/aV9YmWSCeR7C0iwCg4QCI
bvyTd48CZg+Yaqi3nHJHXU4=
=CBFe
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ