drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in xine-lib
Name: |
Pufferüberläufe in xine-lib |
|
ID: |
TLSA-2007-33 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux FUJI, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, TurboLinux wizpy |
|
Datum: |
Fr, 22. Juni 2007, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387 |
|
Applikationen: |
Xine |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-33 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 21 Jun 2007 Last revised: 21 Jun 2007
Package: xine-lib
Summary: Buffer overflows
More information: The xine engine is a free media player engine. It comes in the form of a shared libarary and is typically used by media player frontends and other multimedia applications for playback of multimedia streams such as movies, radio/tv network streams, DVDs, VCDs.
Remote attackers to cause a buffer overflow.
Impact: The DirectShow loader and DMO_VideoDecoder_Open in MPlayer 1.0rc1 used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
Affected Products: - Turbolinux Wizpy - Turbolinux FUJI - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop
<wizpy>
Source Packages Size: MD5
extrafiles-OS246-3.src.rpm 31992324 08552dba95f4bf808ed1dfbb436847e5 xine-lib-1.0.3a-7.src.rpm 7355124 e23f011b27379d3cfa1ecced3da396d8
Binary Packages Size: MD5
extrafiles-OS246-3.i386.rpm 768345 bde22dc67fcb4bc53147245828019b2a xine-lib-1.0.3a-7.i386.rpm 3577850 3744955594230e2ce95e238e44e44d55 xine-lib-extra-mpeg-1.0.3a-7.i386.rpm 127740 1e6b8b9ff71e01d38421828d76bfc684 xine-lib-wmf-1.0.3a-7.i386.rpm 23224 e4212550c28c8ca48e514cadb4100731
<Turbolinux FUJI>
Source Packages Size: MD5
xine-lib-1.0.3a-7.src.rpm 7355124 26a5a94d511793801b39c5d022625e9a
Binary Packages Size: MD5
xine-lib-1.0.3a-7.i686.rpm 3727337 fc3d8ba5b940b548f34c449bf2ee42ba xine-lib-wmf-1.0.3a-7.i686.rpm 23442 7e66d580315952c73ac50c5d02c2586f
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages Size: MD5
xine-lib-1rc3c-16.src.rpm 6491357 082b5ebe5a6da4f6efe51200aae16633
Binary Packages Size: MD5
xine-lib-1rc3c-16.i586.rpm 3413325 183948bf8405b293a4119a60c865c74d xine-lib-devel-1rc3c-16.i586.rpm 381405 6b284b831470ea09358de03c88a48ea7 xine-lib-wmf-1rc3c-16.i586.rpm 22596 463c3765ed466484dd14dd9e93bcb10d
References:
CVE [CVE-2007-1246] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 [CVE-2007-1387] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387
-------------------------------------------------------------------------- Revision History 21 Jun 2007 Initial release --------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGeh65K0LzjOqIJMwRAlAwAJ4nGWrrIQCrKvcOKXv05lUjULBSgQCfTxua RBJYz1aWdzykFxA3EIGQ3YQ= =L+xU -----END PGP SIGNATURE-----
|
|
|
|