[Security Announce] [ MDKSA-2006:224 ] - Updated xine-lib packages fix buffer overflow vulnerability
Posted on: 12/06/2006 10:20 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:224
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date : December 5, 2006
Affected: 2007.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number of
rulematches.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:

Mandriva Linux 2007.0/X86_64:

Corporate 3.0:

Corporate 3.0/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFdgJvmqjQ0CJFipgRAsGsAKC/hIBRO42PeuMhjv0q1Pe6S7SDigCg3Q90
6ILMjlqmpJ/U+9ga8dyvKZs=
=MYl3
-----END PGP SIGNATURE-----
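
The overflow class described in the advisory above (an attacker-supplied rulebook that yields more rule matches than a fixed-size buffer can hold), shown as an added C illustration that is not part of the advisory and is not xine-lib source. The toy rulebook format, the function names and the 16-slot capacity are assumptions made for the example.

```c
/* Added illustration, not xine-lib source. Toy rulebook format (assumed):
 * bandwidth thresholds separated by ';'; a rule matches when
 * bandwidth >= threshold, and each match stores the rule's index. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MATCHES 16   /* constructed capacity of the caller's buffer */

/* Unchecked: the untrusted rulebook decides how many stores happen, so more
 * than MAX_MATCHES matching rules write past the end of matches[]. */
int eval_unchecked(const char *rules, long bandwidth, int *matches)
{
    int rule = 0, n = 0;
    char *end = NULL;
    for (; *rules; rules = (*end == ';') ? end + 1 : end, rule++) {
        long threshold = strtol(rules, &end, 10);
        if (end == rules) break;             /* not a number: stop */
        if (bandwidth >= threshold)
            matches[n++] = rule;             /* no capacity check */
    }
    return n;
}

/* Checked: capacity is a parameter; an oversized rulebook is rejected (-1). */
int eval_checked(const char *rules, long bandwidth, int *matches, int matchsize)
{
    int rule = 0, n = 0;
    char *end = NULL;
    for (; *rules; rules = (*end == ';') ? end + 1 : end, rule++) {
        long threshold = strtol(rules, &end, 10);
        if (end == rules) break;
        if (bandwidth >= threshold) {
            if (n >= matchsize) return -1;   /* too many rulematches */
            matches[n++] = rule;
        }
    }
    return n;
}

/* Constructed input: 40 always-matching rules against a 16-slot buffer. */
int oversized_result(void)
{
    char rules[128] = "";
    int matches[MAX_MATCHES];
    for (int i = 0; i < 40; i++) strcat(rules, "0;");
    return eval_checked(rules, 1000, matches, MAX_MATCHES);
}

int main(void) { printf("oversized rulebook -> %d\n", oversized_result()); return 0; }
```

Rejecting the oversized rulebook, rather than silently truncating it, keeps the failure visible to the caller, which can then drop the stream.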



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006224__updated_xine_lib_packages_fix_buffer_overflow_vulnerability.html)