
Updated xine-lib packages are available for Mandriva Linux
_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xine-lib
Advisory ID: MDKSA-2005:094
Date: May 26th, 2005

Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

Two buffer overflow vulnerabilities were discovered in the MMS and Real RTSP stream handlers in the Xine libraries. If an attacker can trick a user into connecting to a malicious MMS or RTSP video/audio stream source with any application using this library, they could crash the client and possibly even execute arbitrary code with the privileges of the user running the player program.

The updated packages have been patched to correct these problems.



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1195
http://xinehq.de/index.php/security/XSA-2004-8
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com