Login
Newsletter
Werbung
Sicherheit: Ausführen beliebigen Codes in xine-lib
Aktuelle Meldungen Distributionen
Name: Ausführen beliebigen Codes in xine-lib
ID: MDKSA-2004:105
Distribution: Mandrake
Plattformen: Mandrake 10.0
Datum: Do, 7. Oktober 2004, 13:00
Referenzen: http://xinehq.de/index.php/security/XSA-2004-4
http://xinehq.de/index.php/security/XSA-2004-5
Applikationen: Xine

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           xine-lib
 Advisory ID:            MDKSA-2004:105
 Date:                   October 6th, 2004

 Affected versions:	 10.0
 ______________________________________________________________________

 Problem Description:

 A number of string overflows were discovered in the xine-lib program,
 some of which can be used for remote buffer overflow exploits that 
 lead to the execution of arbitrary code with the permissions of the
 user running a xine-lib-based media application.  xine-lib versions
 1-rc2 through, and including, 1-rc5 are vulnerable to these problems.
 
 As well, a heap overflow was found in the DVD subpicture decoder of
 xine-lib; this vulnerability is also remotely exploitable.  All
 versions of xine-lib prior to and including 0.5.2 through, and
 including, 1-rc5 are vulnerable to this problem.
 
 Patches from the xine-lib team have been backported and applied to
 the program to solve these problems.
 _______________________________________________________________________

 References:

  http://xinehq.de/index.php/security/XSA-2004-4
  http://xinehq.de/index.php/security/XSA-2004-5
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 10ce6885addcfa3a9ed0380805fcbce6 
 10.0/RPMS/libxine1-1-0.rc3.6.2.100mdk.i586.rpm
 2a1341dfa762f5208673ab20ec5d9092 
 10.0/RPMS/libxine1-devel-1-0.rc3.6.2.100mdk.i586.rpm
 a654845136034c4cdb30ed89a0ca81b7 
 10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.i586.rpm
 e70b118d3bdd2a9a9dc48143601f78a4 
 10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
 1ff7a30cd60c470f4d89cebfaf33d5f8 
 10.0/RPMS/xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
 2be55268cb20ff387313f662d19e5112 
 10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
 8ea540e75311662ee5db57a0fa38e51a 
 10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
 ba12f4c0368e6d81f6965c64e13796a0 
 10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
 253a8c8dac5200fe7afc3d5d502be1ed 
 10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
 0f65783b02ceea2ee697af41a4406d76 
 10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 12e4e1ef7a03cee73b025f106de3f05e 
 amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
 b04a4aa8e15009fe67e7cbd2b5d7304f 
 amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
 dec9a4e10c6c1f3cda08a252bfa54963 
 amd64/10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
 76890b85ba9cc2ddd84bc8f7f79e1482 
 amd64/10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
 fbf465711eda60e57198666c0c693267 
 amd64/10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
 e5921bb72c4a819a685d736301643c4d 
 amd64/10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
 c79055804621f8ff95ad738a75bcc5d6 
 amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
 72781a34d4b3f83d2e4a3e5226ed5942 
 amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
 0f65783b02ceea2ee697af41a4406d76 
 amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBZEpAmqjQ0CJFipgRAlxcAJwIKy+YgZjkGEM/FS6iG0WKnXmtGQCgs5vw
o1mdmtdIISSyK1vpnbFzBuo=
=sYnL
-----END PGP SIGNATURE-----


____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung