-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:176 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xine-lib Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: d1f80d9b93a76660d51ad5df0c8c2e19 2006.0/i586/libxine1-1.1.0-9.7.20060mdk.i586.rpm f671d0176cf054d166c1e16e874aaaa2 2006.0/i586/libxine1-devel-1.1.0-9.7.20060mdk.i586.rpm 6f0953a17f812a39f95e3b9287b9e069 2006.0/i586/xine-aa-1.1.0-9.7.20060mdk.i586.rpm 42d3d3fb0dacc20837ce9b29e63ee7b4 2006.0/i586/xine-arts-1.1.0-9.7.20060mdk.i586.rpm 730747a34c5c0b257b491c444e8e5d84 2006.0/i586/xine-dxr3-1.1.0-9.7.20060mdk.i586.rpm 15e53a29ac2538c42ac127004d1ace0a 2006.0/i586/xine-esd-1.1.0-9.7.20060mdk.i586.rpm 9a70a80f3a1bc3cd3d58c21ff84a60bb 2006.0/i586/xine-flac-1.1.0-9.7.20060mdk.i586.rpm c587a6f90f1e0dae31fd2c168f46f7e0 2006.0/i586/xine-gnomevfs-1.1.0-9.7.20060mdk.i586.rpm bf556f57f35ae3a70157c925cceeadce 2006.0/i586/xine-image-1.1.0-9.7.20060mdk.i586.rpm 6b902ec1c26032f86733e50c0576db20 2006.0/i586/xine-plugins-1.1.0-9.7.20060mdk.i586.rpm dc86818eeda6ebe99f4c4736aa26915d 2006.0/i586/xine-polyp-1.1.0-9.7.20060mdk.i586.rpm 0f2d148a0b52157e8598ec42c8f2a3c5 2006.0/i586/xine-smb-1.1.0-9.7.20060mdk.i586.rpm a1727cb46b7790690d8970371538a767 2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: d2072c8ed9dc58f785afa6f091368540 2006.0/x86_64/lib64xine1-1.1.0-9.7.20060mdk.x86_64.rpm 4e89998dece0c89eb08e70ff1c463839 2006.0/x86_64/lib64xine1-devel-1.1.0-9.7.20060mdk.x86_64.rpm 8a85f46ca8642413d262a10ccf9d83f5 2006.0/x86_64/xine-aa-1.1.0-9.7.20060mdk.x86_64.rpm 8d5cf41e362c82ff439ac7f016133e3b 2006.0/x86_64/xine-arts-1.1.0-9.7.20060mdk.x86_64.rpm 59d13f29dce4010c44b7ded12bf72b0c 2006.0/x86_64/xine-dxr3-1.1.0-9.7.20060mdk.x86_64.rpm ff0e3b94866e27e16c0879466edfe8ad 2006.0/x86_64/xine-esd-1.1.0-9.7.20060mdk.x86_64.rpm dbe2fc276bb83ebadcd60ffe65695600 2006.0/x86_64/xine-flac-1.1.0-9.7.20060mdk.x86_64.rpm 399b3cf66525e55b29efdd7ab2d16f4e 2006.0/x86_64/xine-gnomevfs-1.1.0-9.7.20060mdk.x86_64.rpm 585d0753c5465c3be61374c633b9a849 2006.0/x86_64/xine-image-1.1.0-9.7.20060mdk.x86_64.rpm caa986167205f61d3b2cd332de8f9ea9 2006.0/x86_64/xine-plugins-1.1.0-9.7.20060mdk.x86_64.rpm 4c8105732f02c99499743baf3a8bee82 2006.0/x86_64/xine-polyp-1.1.0-9.7.20060mdk.x86_64.rpm 92849a576e00179b379d46ad09ef69c6 2006.0/x86_64/xine-smb-1.1.0-9.7.20060mdk.x86_64.rpm a1727cb46b7790690d8970371538a767 2006.0/SRPMS/xine-lib-1.1.0-9.7.20060mdk.src.rpm Mandriva Linux 2007.0: d404c25c046cb8a33c8ad0e2b2072754 2007.0/i586/libxine1-1.1.2-3.1mdv2007.0.i586.rpm 5cc4212e46690c5910f11bb574e073d3 2007.0/i586/libxine1-devel-1.1.2-3.1mdv2007.0.i586.rpm ac59fa02078f3989ceb189b96cdef41f 2007.0/i586/xine-aa-1.1.2-3.1mdv2007.0.i586.rpm 86efab30b6c71cb3847b5229ca1067ca 2007.0/i586/xine-arts-1.1.2-3.1mdv2007.0.i586.rpm 3d731488c545b27e1295e758e3f674ac 2007.0/i586/xine-dxr3-1.1.2-3.1mdv2007.0.i586.rpm c85c713e002fe6009eef3a8ce191ca73 2007.0/i586/xine-esd-1.1.2-3.1mdv2007.0.i586.rpm af8bf9bd553334e8bce2dbc257fb2ce9 2007.0/i586/xine-flac-1.1.2-3.1mdv2007.0.i586.rpm 8da4facf9142237c874da9790f44e014 2007.0/i586/xine-gnomevfs-1.1.2-3.1mdv2007.0.i586.rpm da7022eb9498f9dba321893fc35378a4 2007.0/i586/xine-image-1.1.2-3.1mdv2007.0.i586.rpm 6dfe4067a98de2e9344752ec369149bb 2007.0/i586/xine-plugins-1.1.2-3.1mdv2007.0.i586.rpm 89a7386ed3c2b821f9dd2715d23699c2 2007.0/i586/xine-sdl-1.1.2-3.1mdv2007.0.i586.rpm 6a8c17bd9d98744c57ddb5b12d78d197 2007.0/i586/xine-smb-1.1.2-3.1mdv2007.0.i586.rpm eb3473147c0d7cdfa3b0d48ff37dc61a 2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: bdd79df2e0097f84a2f5772c4ca6136f 2007.0/x86_64/lib64xine1-1.1.2-3.1mdv2007.0.x86_64.rpm 6ba8f3c17541fd13ac77d55120758042 2007.0/x86_64/lib64xine1-devel-1.1.2-3.1mdv2007.0.x86_64.rpm d71799253d4c012e1e3f64d3bc58d7cc 2007.0/x86_64/xine-aa-1.1.2-3.1mdv2007.0.x86_64.rpm 9d39171f79b30e7eb4c8ca2370e483b5 2007.0/x86_64/xine-arts-1.1.2-3.1mdv2007.0.x86_64.rpm 246c0799945641ea013cc41b5409deea 2007.0/x86_64/xine-dxr3-1.1.2-3.1mdv2007.0.x86_64.rpm dcc81b8d0ba73799019e2d8638d5ec20 2007.0/x86_64/xine-esd-1.1.2-3.1mdv2007.0.x86_64.rpm f3d6cf4c186265c72b235bf20817de9d 2007.0/x86_64/xine-flac-1.1.2-3.1mdv2007.0.x86_64.rpm 57684a9c46601d685fb2a00bdc01eddd 2007.0/x86_64/xine-gnomevfs-1.1.2-3.1mdv2007.0.x86_64.rpm fdf75b1bcaecb2f49fddd40d96a75ea7 2007.0/x86_64/xine-image-1.1.2-3.1mdv2007.0.x86_64.rpm 3c8f9ab5f54574b6c1ac04e494597631 2007.0/x86_64/xine-plugins-1.1.2-3.1mdv2007.0.x86_64.rpm fa5133b6f2543e6de6425efcbd7cd435 2007.0/x86_64/xine-sdl-1.1.2-3.1mdv2007.0.x86_64.rpm fd42d77bf716df6f53fb3dd4093bdafc 2007.0/x86_64/xine-smb-1.1.2-3.1mdv2007.0.x86_64.rpm eb3473147c0d7cdfa3b0d48ff37dc61a 2007.0/SRPMS/xine-lib-1.1.2-3.1mdv2007.0.src.rpm Corporate 3.0: db41592447e7e73730797aa9bf498ad5 corporate/3.0/i586/libxine1-1-0.rc3.6.13.C30mdk.i586.rpm 84b3f62d20a29c48e8e910b6316bcfb5 corporate/3.0/i586/libxine1-devel-1-0.rc3.6.13.C30mdk.i586.rpm f805b3d9402c19ab772f80b2e8b1eafc corporate/3.0/i586/xine-aa-1-0.rc3.6.13.C30mdk.i586.rpm 8825c4a718b38706da515ec6c35ccaba corporate/3.0/i586/xine-arts-1-0.rc3.6.13.C30mdk.i586.rpm 261649da7010f98bff6a83e690f9c7cc corporate/3.0/i586/xine-dxr3-1-0.rc3.6.13.C30mdk.i586.rpm f38a295e8a8fb8c61d7dfd607498c0ad corporate/3.0/i586/xine-esd-1-0.rc3.6.13.C30mdk.i586.rpm 5a06155242921b82936a1e727ae0f95d corporate/3.0/i586/xine-flac-1-0.rc3.6.13.C30mdk.i586.rpm e50866249d9ceacc9a487ea9d7ae42d6 corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.13.C30mdk.i586.rpm 9c9ddb6cbd1c57cb8f31a29214666b78 corporate/3.0/i586/xine-plugins-1-0.rc3.6.13.C30mdk.i586.rpm 6c87980235f4aaeedb8671384c8542a7 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm Corporate 3.0/X86_64: 3f2792ec38f9f9327a8de63d0d0fa675 corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.13.C30mdk.x86_64.rpm 6c9491f30d6ba186d65e287bc86ad48f corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.13.C30mdk.x86_64.rpm 83629afd6aa2e9abeb479e7bf8abd969 corporate/3.0/x86_64/xine-aa-1-0.rc3.6.13.C30mdk.x86_64.rpm bcd60c934b0c514a0e3f877c616b1582 corporate/3.0/x86_64/xine-arts-1-0.rc3.6.13.C30mdk.x86_64.rpm 1ba79beb8e795aefa83a5033e78cd5a8 corporate/3.0/x86_64/xine-esd-1-0.rc3.6.13.C30mdk.x86_64.rpm 43c80a0e726695afe9e9e22fb11e7ceb corporate/3.0/x86_64/xine-flac-1-0.rc3.6.13.C30mdk.x86_64.rpm f20e49f4a5b8ee79172b2c2b153f7d9b corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.13.C30mdk.x86_64.rpm bea5d059056a9771172fc3b25c04ac5a corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.13.C30mdk.x86_64.rpm 6c87980235f4aaeedb8671384c8542a7 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.13.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFHDosmqjQ0CJFipgRAvIwAJ9ksuDWipI2eiizX1c1z63pikV6ZgCglg46 5adSZ8Y+mHDBnF10FxZxh6Q= =Eqae -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
