Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in xine-lib
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in xine-lib
ID: TLSA-2007-33
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, TurboLinux wizpy
Datum: Fr, 22. Juni 2007, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387
Applikationen: Xine

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-33
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 21 Jun 2007
Last revised: 21 Jun 2007

Package: xine-lib

Summary: Buffer overflows

More information:
The xine engine is a free media player engine. It comes in the form of a
shared
libarary and is typically used by media player frontends and other
multimedia
applications for playback of multimedia streams such as movies, radio/tv
network streams, DVDs, VCDs.

Remote attackers to cause a buffer overflow.

Impact:
The DirectShow loader and DMO_VideoDecoder_Open in MPlayer 1.0rc1 used in
xine-lib,
does not set the biSize before use in a memcpy, which allows user-assisted
remote
attackers to cause a buffer overflow and possibly execute arbitrary code.

Affected Products:
- Turbolinux Wizpy
- Turbolinux FUJI
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop


<wizpy>

Source Packages
Size: MD5

extrafiles-OS246-3.src.rpm
31992324 08552dba95f4bf808ed1dfbb436847e5
xine-lib-1.0.3a-7.src.rpm
7355124 e23f011b27379d3cfa1ecced3da396d8

Binary Packages
Size: MD5

extrafiles-OS246-3.i386.rpm
768345 bde22dc67fcb4bc53147245828019b2a
xine-lib-1.0.3a-7.i386.rpm
3577850 3744955594230e2ce95e238e44e44d55
xine-lib-extra-mpeg-1.0.3a-7.i386.rpm
127740 1e6b8b9ff71e01d38421828d76bfc684
xine-lib-wmf-1.0.3a-7.i386.rpm
23224 e4212550c28c8ca48e514cadb4100731

<Turbolinux FUJI>

Source Packages
Size: MD5

xine-lib-1.0.3a-7.src.rpm
7355124 26a5a94d511793801b39c5d022625e9a

Binary Packages
Size: MD5

xine-lib-1.0.3a-7.i686.rpm
3727337 fc3d8ba5b940b548f34c449bf2ee42ba
xine-lib-wmf-1.0.3a-7.i686.rpm
23442 7e66d580315952c73ac50c5d02c2586f

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

xine-lib-1rc3c-16.src.rpm
6491357 082b5ebe5a6da4f6efe51200aae16633

Binary Packages
Size: MD5

xine-lib-1rc3c-16.i586.rpm
3413325 183948bf8405b293a4119a60c865c74d
xine-lib-devel-1rc3c-16.i586.rpm
381405 6b284b831470ea09358de03c88a48ea7
xine-lib-wmf-1rc3c-16.i586.rpm
22596 463c3765ed466484dd14dd9e93bcb10d


References:

CVE
[CVE-2007-1246]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
[CVE-2007-1387]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387

--------------------------------------------------------------------------
Revision History
21 Jun 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGeh65K0LzjOqIJMwRAlAwAJ4nGWrrIQCrKvcOKXv05lUjULBSgQCfTxua
RBJYz1aWdzykFxA3EIGQ3YQ=
=L+xU
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung