_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2006:224
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date    : December 5, 2006
Affected: 2007.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and possibly
execute arbitrary code via a rulebook with a large number of
rulematches.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
     <security*mandriva.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
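
The overflow class named in the Problem Description, as an added example that is not part of the advisory and is not xine-lib code: a simplified rule evaluator that bounds how many rule matches it records. The `struct rule` layout, `eval_rulebook`, `MATCH_CAP` and the sample rulebook are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified rule: matches when min_bw <= bw <= max_bw. */
struct rule { unsigned min_bw, max_bw; };
#define MATCH_CAP 16 /* capacity chosen for this example only */

/* Unsafe pattern, kept as a comment: the callee is never told how many
 * slots `matches` has, so enough matching rules write past its end.
 *     if (matched) matches[n++] = i;
 * Bounded form below: stores at most `cap` indices, returns how many were
 * stored, and reports the full match count in *total so the caller can
 * detect a rulebook that did not fit. */
size_t eval_rulebook(const struct rule *rules, size_t n_rules, unsigned bw,
                     int *matches, size_t cap, size_t *total)
{
    size_t stored = 0, seen = 0;
    for (size_t i = 0; i < n_rules; i++) {
        if (bw < rules[i].min_bw || bw > rules[i].max_bw)
            continue;            /* rule does not match */
        if (stored < cap)
            matches[stored++] = (int)i;
        seen++;
    }
    *total = seen;
    return stored;
}

/* Constructed input: 40 rules that all match, evaluated into a 16-slot
 * array followed by a canary slot. Returns 1 if the canary is untouched. */
int demo_oversized_rulebook(size_t *stored, size_t *total)
{
    struct rule rules[40];
    int buf[MATCH_CAP + 1];
    for (size_t i = 0; i < 40; i++)
        rules[i] = (struct rule){ 0u, 1000000u };
    buf[MATCH_CAP] = 0x5AFE;
    *stored = eval_rulebook(rules, 40, 64000u, buf, MATCH_CAP, total);
    return buf[MATCH_CAP] == 0x5AFE && buf[MATCH_CAP - 1] == MATCH_CAP - 1;
}

int main(void)
{
    size_t s, t;
    int ok = demo_oversized_rulebook(&s, &t);
    printf("stored=%zu total=%zu canary_ok=%d\n", s, t, ok);
    return ok ? 0 : 1;
}
```

A caller that sees `*total` larger than the value returned knows the rulebook carried more matches than the array holds and can treat the input as malformed.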