[Security Announce] [ MDKSA-2006:176 ] - Updated xine-lib packages fix buffer overflow vulnerabilities
Posted on: 09/29/2006 02:15 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:176
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date : September 28, 2006
Affected: 2006.0, 2007.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Xine-lib uses an embedded copy of ffmpeg and as such has been updated
to address the following issue: Multiple buffer overflows in
libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
cause a denial of service or possibly execute arbitrary code via
multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,
(4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)
cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
NOTE: it is likely that this is a different vulnerability than
CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
d1f80d9b93a76660d51ad5df0c8c2e19 2006.0/i586/libxine1-1.1.0-9.7.20060mdk.i586.rpm
f671d0176cf054d166c1e16e874aaaa2 2006.0/i586/libxine1-devel-1.1.0-9.7.20060mdk.i586.rpm
6f0953a17f812a39f95e3b9287b9e069 2006.0/i586/xine-aa-1.1.0-9.7.20060mdk.i586.rpm
42d3d3fb0dacc20837ce9b29e63ee7b4 2006.0/i586/xine-arts-1.1.0-9.7.20060mdk.i586.rpm
730747a34c5c0b257b491c444e8e5d84 2006.0/i586/xine-dxr3-1.1.0-9.7.20060mdk.i586.rpm
15e53a29ac2538c42ac127004d1ace0a 2006.0/i586/xine-esd-1.1.0-9.7.20060mdk.i586.rpm
9a70a80f3a1bc3cd3d58c21ff84a60bb 2006.0/i586/xine-flac-1.1.0-9.7.20060mdk.i586.rpm
c587a6f90f1e0dae31fd2c168f46f7e0 2006.0/i586/xine-gnomevfs-1.1.0-9.7.20060mdk.i586.rpm
bf556f57f35ae3a70157c925cceeadce 2006.0/i586/xine-image-1.1.0-9.7.20060mdk.i586.rpm
6b902ec1c26032f86733e50c0576db20 2006.0/i586/xine-plugins-1.1.0-9.7.20060mdk.i586.rpm
dc86818eeda6ebe99f4c4736aa26915d 2006.0/i586/xine-polyp-1.1.0-9.7.20060mdk.i586.rpm
0f2d148a0b52157e8598ec42c8f2a3c5 2006.0/i586/xine-smb-1.1.0-9.7.20060mdk.i586.rpm
a1727cb46b7790690d8970371538a767 2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d2072c8ed9dc58f785afa6f091368540 2006.0/x86_64/lib64xine1-1.1.0-9.7.20060mdk.x86_64.rpm
4e89998dece0c89eb08e70ff1c463839 2006.0/x86_64/lib64xine1-devel-1.1.0-9.7.20060mdk.x86_64.rpm
8a85f46ca8642413d262a10ccf9d83f5 2006.0/x86_64/xine-aa-1.1.0-9.7.20060mdk.x86_64.rpm
8d5cf41e362c82ff439ac7f016133e3b 2006.0/x86_64/xine-arts-1.1.0-9.7.20060mdk.x86_64.rpm
59d13f29dce4010c44b7ded12bf72b0c 2006.0/x86_64/xine-dxr3-1.1.0-9.7.20060mdk.x86_64.rpm
ff0e3b94866e27e16c0879466edfe8ad 2006.0/x86_64/xine-esd-1.1.0-9.7.20060mdk.x86_64.rpm
dbe2fc276bb83ebadcd60ffe65695600 2006.0/x86_64/xine-flac-1.1.0-9.7.20060mdk.x86_64.rpm
399b3cf66525e55b29efdd7ab2d16f4e 2006.0/x86_64/xine-gnomevfs-1.1.0-9.7.20060mdk.x86_64.rpm
585d0753c5465c3be61374c633b9a849 2006.0/x86_64/xine-image-1.1.0-9.7.20060mdk.x86_64.rpm
caa986167205f61d3b2cd332de8f9ea9 2006.0/x86_64/xine-plugins-1.1.0-9.7.20060mdk.x86_64.rpm
4c8105732f02c99499743baf3a8bee82 2006.0/x86_64/xine-polyp-1.1.0-9.7.20060mdk.x86_64.rpm
92849a576e00179b379d46ad09ef69c6 2006.0/x86_64/xine-smb-1.1.0-9.7.20060mdk.x86_64.rpm
a1727cb46b7790690d8970371538a767 2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm

Mandriva Linux 2007.0:
d404c25c046cb8a33c8ad0e2b2072754 2007.0/i586/libxine1-1.1.2-3.1mdv2007.0.i586.rpm
5cc4212e46690c5910f11bb574e073d3 2007.0/i586/libxine1-devel-1.1.2-3.1mdv2007.0.i586.rpm
ac59fa02078f3989ceb189b96cdef41f 2007.0/i586/xine-aa-1.1.2-3.1mdv2007.0.i586.rpm
86efab30b6c71cb3847b5229ca1067ca 2007.0/i586/xine-arts-1.1.2-3.1mdv2007.0.i586.rpm
3d731488c545b27e1295e758e3f674ac 2007.0/i586/xine-dxr3-1.1.2-3.1mdv2007.0.i586.rpm
c85c713e002fe6009eef3a8ce191ca73 2007.0/i586/xine-esd-1.1.2-3.1mdv2007.0.i586.rpm
af8bf9bd553334e8bce2dbc257fb2ce9 2007.0/i586/xine-flac-1.1.2-3.1mdv2007.0.i586.rpm
8da4facf9142237c874da9790f44e014 2007.0/i586/xine-gnomevfs-1.1.2-3.1mdv2007.0.i586.rpm
da7022eb9498f9dba321893fc35378a4 2007.0/i586/xine-image-1.1.2-3.1mdv2007.0.i586.rpm
6dfe4067a98de2e9344752ec369149bb 2007.0/i586/xine-plugins-1.1.2-3.1mdv2007.0.i586.rpm
89a7386ed3c2b821f9dd2715d23699c2 2007.0/i586/xine-sdl-1.1.2-3.1mdv2007.0.i586.rpm
6a8c17bd9d98744c57ddb5b12d78d197 2007.0/i586/xine-smb-1.1.2-3.1mdv2007.0.i586.rpm
eb3473147c0d7cdfa3b0d48ff37dc61a 2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
bdd79df2e0097f84a2f5772c4ca6136f 2007.0/x86_64/lib64xine1-1.1.2-3.1mdv2007.0.x86_64.rpm
6ba8f3c17541fd13ac77d55120758042 2007.0/x86_64/lib64xine1-devel-1.1.2-3.1mdv2007.0.x86_64.rpm
d71799253d4c012e1e3f64d3bc58d7cc 2007.0/x86_64/xine-aa-1.1.2-3.1mdv2007.0.x86_64.rpm
9d39171f79b30e7eb4c8ca2370e483b5 2007.0/x86_64/xine-arts-1.1.2-3.1mdv2007.0.x86_64.rpm
246c0799945641ea013cc41b5409deea 2007.0/x86_64/xine-dxr3-1.1.2-3.1mdv2007.0.x86_64.rpm
dcc81b8d0ba73799019e2d8638d5ec20 2007.0/x86_64/xine-esd-1.1.2-3.1mdv2007.0.x86_64.rpm
f3d6cf4c186265c72b235bf20817de9d 2007.0/x86_64/xine-flac-1.1.2-3.1mdv2007.0.x86_64.rpm
57684a9c46601d685fb2a00bdc01eddd 2007.0/x86_64/xine-gnomevfs-1.1.2-3.1mdv2007.0.x86_64.rpm
fdf75b1bcaecb2f49fddd40d96a75ea7 2007.0/x86_64/xine-image-1.1.2-3.1mdv2007.0.x86_64.rpm
3c8f9ab5f54574b6c1ac04e494597631 2007.0/x86_64/xine-plugins-1.1.2-3.1mdv2007.0.x86_64.rpm
fa5133b6f2543e6de6425efcbd7cd435 2007.0/x86_64/xine-sdl-1.1.2-3.1mdv2007.0.x86_64.rpm
fd42d77bf716df6f53fb3dd4093bdafc 2007.0/x86_64/xine-smb-1.1.2-3.1mdv2007.0.x86_64.rpm
eb3473147c0d7cdfa3b0d48ff37dc61a 2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm

Corporate 3.0:
db41592447e7e73730797aa9bf498ad5 corporate/3.0/i586/libxine1-1-0.rc3.6.13.C30mdk.i586.rpm
84b3f62d20a29c48e8e910b6316bcfb5 corporate/3.0/i586/libxine1-devel-1-0.rc3.6.13.C30mdk.i586.rpm
f805b3d9402c19ab772f80b2e8b1eafc corporate/3.0/i586/xine-aa-1-0.rc3.6.13.C30mdk.i586.rpm
8825c4a718b38706da515ec6c35ccaba corporate/3.0/i586/xine-arts-1-0.rc3.6.13.C30mdk.i586.rpm
261649da7010f98bff6a83e690f9c7cc corporate/3.0/i586/xine-dxr3-1-0.rc3.6.13.C30mdk.i586.rpm
f38a295e8a8fb8c61d7dfd607498c0ad corporate/3.0/i586/xine-esd-1-0.rc3.6.13.C30mdk.i586.rpm
5a06155242921b82936a1e727ae0f95d corporate/3.0/i586/xine-flac-1-0.rc3.6.13.C30mdk.i586.rpm
e50866249d9ceacc9a487ea9d7ae42d6 corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.13.C30mdk.i586.rpm
9c9ddb6cbd1c57cb8f31a29214666b78 corporate/3.0/i586/xine-plugins-1-0.rc3.6.13.C30mdk.i586.rpm
6c87980235f4aaeedb8671384c8542a7 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
3f2792ec38f9f9327a8de63d0d0fa675 corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.13.C30mdk.x86_64.rpm
6c9491f30d6ba186d65e287bc86ad48f corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.13.C30mdk.x86_64.rpm
83629afd6aa2e9abeb479e7bf8abd969 corporate/3.0/x86_64/xine-aa-1-0.rc3.6.13.C30mdk.x86_64.rpm
bcd60c934b0c514a0e3f877c616b1582 corporate/3.0/x86_64/xine-arts-1-0.rc3.6.13.C30mdk.x86_64.rpm
1ba79beb8e795aefa83a5033e78cd5a8 corporate/3.0/x86_64/xine-esd-1-0.rc3.6.13.C30mdk.x86_64.rpm
43c80a0e726695afe9e9e22fb11e7ceb corporate/3.0/x86_64/xine-flac-1-0.rc3.6.13.C30mdk.x86_64.rpm
f20e49f4a5b8ee79172b2c2b153f7d9b corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.13.C30mdk.x86_64.rpm
bea5d059056a9771172fc3b25c04ac5a corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.13.C30mdk.x86_64.rpm
6c87980235f4aaeedb8671384c8542a7 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHDosmqjQ0CJFipgRAvIwAJ9ksuDWipI2eiizX1c1z63pikV6ZgCglg46
5adSZ8Y+mHDBnF10FxZxh6Q=
=Eqae
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006176__updated_xine_lib_packages_fix_buffer_overflow_vulnerabilities.html)