To: [email protected]Subject: [ MDKSA-2006:121 ] - Updated xine-lib packages fix buffer overflow vulnerability
Date: Wed, 12 Jul 2006 15:03:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1G0lrI-0002Ey-Gj@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:121
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : July 12, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause
a denial of service (application crash) and possibly execute arbitrary code
via the (1) send_command, (2) string_utf16, (3) get_data, and (4)
get_media_packet functions, and possibly other functions. Xine-lib contains
an embedded copy of the same vulnerable code.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
34c23d8a858d2a2687297e25618c7b04 2006.0/RPMS/libxine1-1.1.0-9.6.20060mdk.i586.rpm
57f9a069b8fc968a12ce24605390c1f1 2006.0/RPMS/libxine1-devel-1.1.0-9.6.20060mdk.i586.rpm
7c2652ce586d087793536649d7da6966 2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.i586.rpm
37eff9bda8595acfbaf80e0998db1c9e 2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.i586.rpm
e5672e6558978051f6878dea6ba961b5 2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.i586.rpm
6527706516fb99a53f82d2c8c4b2e5f8 2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.i586.rpm
10d172825fdd5dd2dd92dfafd5d60e23 2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.i586.rpm
87b9a38b877b67f0ac0ee4f58ed50983 2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.i586.rpm
8656ea92b3fca51e2fad861ea963b14d 2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.i586.rpm
6a538ee35d785dfc7ea64a03c20060da 2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.i586.rpm
9defa64950f2feebab9dda16d35523cb 2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.i586.rpm
d207307cb338b46edd703797b693ea24 2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.i586.rpm
4dc1623162c6092eb10c755ed2c5366a 2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
8798915891b79ac134565f8ede0653b1 x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.6.20060mdk.x86_64.rpm
dcd2eb828f921b04206124835eeada8e x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.6.20060mdk.x86_64.rpm
a933644c1c56d642a5d576cb217d0356 x86_64/2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.x86_64.rpm
238d8526e618dff3aa31e223c14ce432 x86_64/2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.x86_64.rpm
d9f0269ae701936ce27b6515e5c73ac1 x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.x86_64.rpm
4683507048ec6535c2c5f63997ec719d x86_64/2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.x86_64.rpm
bc649ad82f11c8422f1e9fb711dd4803 x86_64/2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.x86_64.rpm
52fe1d4ddeeea6ec91a776ccacf5df19 x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.x86_64.rpm
348cc9ecf59e378b3d1c6aa12a35f9b9 x86_64/2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.x86_64.rpm
d2f2300e0bd4e4e210bbfae485c07624 x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.x86_64.rpm
afca19bc708fc5964c19fff3a2d16286 x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.x86_64.rpm
ba7c60488a4459066ba4ed08046ce48c x86_64/2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.x86_64.rpm
4dc1623162c6092eb10c755ed2c5366a x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm
Corporate 3.0:
1390c15ca893041af1076e6a02d14f47 corporate/3.0/RPMS/libxine1-1-0.rc3.6.12.C30mdk.i586.rpm
ecc53b859629edd48ef27b477332889e corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.12.C30mdk.i586.rpm
a4d85795d05266793fa61ba6bc986aa6 corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.i586.rpm
4dd4249d6b1911501ddcfa1ef36470af corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.i586.rpm
c9a3f82dad17f32a6ab6c0b1926c52c1 corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.12.C30mdk.i586.rpm
c40b65dd7cde826b8bfa5fb5720d15ed corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.i586.rpm
2a257f092fe4b304be7e358230aa0361 corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.i586.rpm
b04b482c8693272f7ead71ac3ce91e7f corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.i586.rpm
ae63549d198004056aacacee5b2ccbef corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.i586.rpm
d8fe8f9dff1190413e81e82e67762462 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm
Corporate 3.0/X86_64:
aad2ac9345e05d900910b8beade5ff21 x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.12.C30mdk.x86_64.rpm
b9540819f0250a2924297ce0388f6202 x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.12.C30mdk.x86_64.rpm
53cc9dc911be64bf8764d76262df4a44 x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.x86_64.rpm
280b7a7ceb168225d30eb97e95f45fb6 x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.x86_64.rpm
4e3811096df50e37e6b10f3eedafb0be x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.x86_64.rpm
e1e703b0f81edc6399225c6652049519 x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.x86_64.rpm
14ce60de521e86ae7755c74a3c845d73 x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.x86_64.rpm
f95f6a3222ef533ea13637cd8d9ff737 x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.x86_64.rpm
d8fe8f9dff1190413e81e82e67762462 x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEtTcXmqjQ0CJFipgRAqSMAKCgYu5Rj5uiU1ZXdDurg4O8HjMRoACcDF4O
gECJMRGglbqZVCVnyNwn7NA=
=E8fg
-----END PGP SIGNATURE-----