Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in xine-lib
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in xine-lib
ID: MDVSA-2008:046-1
Distribution: Mandriva
Plattformen: Mandriva 2007.1, Mandriva 2008.0
Datum: Do, 21. Februar 2008, 02:05
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486
http://qa.mandriva.com/show_bug.cgi?id=37846
Applikationen: Xine

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1203555917-4794-10490


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDVSA-2008:046-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : xine-lib
 Date    : February 20, 2008
 Affected: 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 An array index vulnerability found in the FLAC audio demuxer might
 allow remote attackers to execute arbitrary code via a crafted FLAC
 tag, which triggers a buffer overflow. Although originally an MPlayer
 issue, it also affects xine-lib due to code similarity.
 
 The updated packages have been patched to prevent this issue.

 Update:

 The previous update used a bad patch which made Amarok interface
 very unresponsive while playing FLAC files. This new update fixes
 the security issue with a better patch.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486
 http://qa.mandriva.com/show_bug.cgi?id=37846
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 178998f3f0d0452e0c041f496ba03dc8 
 2007.1/i586/libxine1-1.1.4-6.7mdv2007.1.i586.rpm
 c7f6f99a5fcb674e587081234dde21a7 
 2007.1/i586/libxine1-devel-1.1.4-6.7mdv2007.1.i586.rpm
 678e9c99966c7edf7dd95e7c87305338 
 2007.1/i586/xine-aa-1.1.4-6.7mdv2007.1.i586.rpm
 5aea25425105ca75d26ff8970ae02ad6 
 2007.1/i586/xine-arts-1.1.4-6.7mdv2007.1.i586.rpm
 c25a7c127828f31add319f645ad55b86 
 2007.1/i586/xine-caca-1.1.4-6.7mdv2007.1.i586.rpm
 eca85b0d9e6a79dfc58e6085315d1d32 
 2007.1/i586/xine-dxr3-1.1.4-6.7mdv2007.1.i586.rpm
 a711b0278a16de79e905cb95b9121521 
 2007.1/i586/xine-esd-1.1.4-6.7mdv2007.1.i586.rpm
 26a905e33cfe9aa422da1684f6c0019b 
 2007.1/i586/xine-flac-1.1.4-6.7mdv2007.1.i586.rpm
 6634b2c97e4e96afeb540778ea42d522 
 2007.1/i586/xine-gnomevfs-1.1.4-6.7mdv2007.1.i586.rpm
 9b5d2a1c1d29ffbcda4820e317151985 
 2007.1/i586/xine-image-1.1.4-6.7mdv2007.1.i586.rpm
 f9085c7a5abbbdeda51b53b00bfdeb96 
 2007.1/i586/xine-jack-1.1.4-6.7mdv2007.1.i586.rpm
 5e3c733e097c4d5405509a9b7bf09a9c 
 2007.1/i586/xine-plugins-1.1.4-6.7mdv2007.1.i586.rpm
 6ae1f58bdc1e02a13dd53ad7098a39a2 
 2007.1/i586/xine-pulse-1.1.4-6.7mdv2007.1.i586.rpm
 f8d91cc3e12d683f508cc4a972375227 
 2007.1/i586/xine-sdl-1.1.4-6.7mdv2007.1.i586.rpm
 8cfb3b489466b2d75513a88982939605 
 2007.1/i586/xine-smb-1.1.4-6.7mdv2007.1.i586.rpm 
 5dbeba8e5dc8dfc8f33c119a22c9216a 
 2007.1/SRPMS/xine-lib-1.1.4-6.7mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 5d087d041ce6f601bd126ad7cbeaf885 
 2007.1/x86_64/lib64xine1-1.1.4-6.7mdv2007.1.x86_64.rpm
 b3039816dd8675c3b7a53fbd02d7985a 
 2007.1/x86_64/lib64xine1-devel-1.1.4-6.7mdv2007.1.x86_64.rpm
 abeba0838384ef6db0fdcf9daa73b72a 
 2007.1/x86_64/xine-aa-1.1.4-6.7mdv2007.1.x86_64.rpm
 49ac0466be942b411c8f09fa7b3252f4 
 2007.1/x86_64/xine-arts-1.1.4-6.7mdv2007.1.x86_64.rpm
 94b5fece762703f3ce7e9c8a698d0d38 
 2007.1/x86_64/xine-caca-1.1.4-6.7mdv2007.1.x86_64.rpm
 28983abc5e237d5299ce5339c4c55de3 
 2007.1/x86_64/xine-dxr3-1.1.4-6.7mdv2007.1.x86_64.rpm
 efabb6cc2b4354b9642ee9509ac85529 
 2007.1/x86_64/xine-esd-1.1.4-6.7mdv2007.1.x86_64.rpm
 a1ba6ef73175029d9bff30c18c8da03c 
 2007.1/x86_64/xine-flac-1.1.4-6.7mdv2007.1.x86_64.rpm
 c0339fe8b0b7088c00f57c5825dede60 
 2007.1/x86_64/xine-gnomevfs-1.1.4-6.7mdv2007.1.x86_64.rpm
 1f75876e108d4a3fd395dc6200c29247 
 2007.1/x86_64/xine-image-1.1.4-6.7mdv2007.1.x86_64.rpm
 2726efd011a6bc8e4a93f58c932d94ff 
 2007.1/x86_64/xine-jack-1.1.4-6.7mdv2007.1.x86_64.rpm
 d77a456b2693aaa123af5d3623b1ce0c 
 2007.1/x86_64/xine-plugins-1.1.4-6.7mdv2007.1.x86_64.rpm
 63558627e698b8b4fd959ebb804bdf7d 
 2007.1/x86_64/xine-pulse-1.1.4-6.7mdv2007.1.x86_64.rpm
 de93098e4bacad485dc7640172ee6e84 
 2007.1/x86_64/xine-sdl-1.1.4-6.7mdv2007.1.x86_64.rpm
 048058ec44c6359e9fc453c2d1cc9a4d 
 2007.1/x86_64/xine-smb-1.1.4-6.7mdv2007.1.x86_64.rpm 
 5dbeba8e5dc8dfc8f33c119a22c9216a 
 2007.1/SRPMS/xine-lib-1.1.4-6.7mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 de0ab0de5c9982a78f610ac25a112287 
 2008.0/i586/libxine-devel-1.1.8-4.5mdv2008.0.i586.rpm
 d19aa7c095f817f4329607aa42fee17e 
 2008.0/i586/libxine1-1.1.8-4.5mdv2008.0.i586.rpm
 3f19ea43ab25102df874527ee87d678e 
 2008.0/i586/xine-aa-1.1.8-4.5mdv2008.0.i586.rpm
 19ef41664e46e2942de9e53a9c2e0501 
 2008.0/i586/xine-caca-1.1.8-4.5mdv2008.0.i586.rpm
 4b0481b2a6b94e70604a1d20e6114506 
 2008.0/i586/xine-dxr3-1.1.8-4.5mdv2008.0.i586.rpm
 f0c3cf715c42f89ad554305c781fb540 
 2008.0/i586/xine-esd-1.1.8-4.5mdv2008.0.i586.rpm
 7b17ea27ddf9ae0aa6bbfe6e2e77d5bf 
 2008.0/i586/xine-flac-1.1.8-4.5mdv2008.0.i586.rpm
 18c86fe493f6669d606ab61bd1d175e4 
 2008.0/i586/xine-gnomevfs-1.1.8-4.5mdv2008.0.i586.rpm
 19320b5d160c734e277c47df7fd20ef7 
 2008.0/i586/xine-image-1.1.8-4.5mdv2008.0.i586.rpm
 bd215036c6a7c8bde6f417524dd3ceda 
 2008.0/i586/xine-jack-1.1.8-4.5mdv2008.0.i586.rpm
 1266dbb2810d66306f4d92190f523ba2 
 2008.0/i586/xine-plugins-1.1.8-4.5mdv2008.0.i586.rpm
 6b035b6038ad0930aa9acc688f9865b3 
 2008.0/i586/xine-pulse-1.1.8-4.5mdv2008.0.i586.rpm
 2c46f3c1877198063d52454fd6b63ac2 
 2008.0/i586/xine-sdl-1.1.8-4.5mdv2008.0.i586.rpm
 ab4d3d4caca7d173788554878884ce87 
 2008.0/i586/xine-smb-1.1.8-4.5mdv2008.0.i586.rpm 
 e5f0cb9b2566282ba0b41925af139998 
 2008.0/SRPMS/xine-lib-1.1.8-4.5mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 107a63ccbace08da5186649f3eac5bd9 
 2008.0/x86_64/lib64xine-devel-1.1.8-4.5mdv2008.0.x86_64.rpm
 9d95d192b4be04ace9d818c67133fcff 
 2008.0/x86_64/lib64xine1-1.1.8-4.5mdv2008.0.x86_64.rpm
 63eea92672429c96183b0565e6b1a198 
 2008.0/x86_64/xine-aa-1.1.8-4.5mdv2008.0.x86_64.rpm
 671da88b33fe1124860604e4e680f071 
 2008.0/x86_64/xine-caca-1.1.8-4.5mdv2008.0.x86_64.rpm
 f88a405b6443e1074651339f48a85827 
 2008.0/x86_64/xine-dxr3-1.1.8-4.5mdv2008.0.x86_64.rpm
 3173feb9a5079fd109f58af244d8f505 
 2008.0/x86_64/xine-esd-1.1.8-4.5mdv2008.0.x86_64.rpm
 8d7e3712b016a86816df2a412876b3f4 
 2008.0/x86_64/xine-flac-1.1.8-4.5mdv2008.0.x86_64.rpm
 646ddb89d4e98caf09fd190dd97f1a0b 
 2008.0/x86_64/xine-gnomevfs-1.1.8-4.5mdv2008.0.x86_64.rpm
 71f6065a2bb2d8f80544d823da0418df 
 2008.0/x86_64/xine-image-1.1.8-4.5mdv2008.0.x86_64.rpm
 46c733f0759a53cdf6acb7b526e5fdbf 
 2008.0/x86_64/xine-jack-1.1.8-4.5mdv2008.0.x86_64.rpm
 aaf50def0e0fda34895b8b618c552c0b 
 2008.0/x86_64/xine-plugins-1.1.8-4.5mdv2008.0.x86_64.rpm
 d3458757334d52da98ace5715a324aa1 
 2008.0/x86_64/xine-pulse-1.1.8-4.5mdv2008.0.x86_64.rpm
 e5bc9c60737c1c2237a1e04f6a5e1112 
 2008.0/x86_64/xine-sdl-1.1.8-4.5mdv2008.0.x86_64.rpm
 de7dfc36dd7089287cd650fbb765e76f 
 2008.0/x86_64/xine-smb-1.1.8-4.5mdv2008.0.x86_64.rpm 
 e5f0cb9b2566282ba0b41925af139998 
 2008.0/SRPMS/xine-lib-1.1.8-4.5mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHvKLAmqjQ0CJFipgRAtrRAJ9pBwGQs6XeLhxl0egoZ568oYJJjwCfXvVm
4kk3mJmPGwLsDQugpe+aWV0=
=WcZv
-----END PGP SIGNATURE-----


------------=_1203555917-4794-10490
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1203555917-4794-10490--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung