Home / vulnerabilitiesPDF  

MDVSA-2008-177.txt

Posted on 21 August 2008
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:177
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date : August 20, 2008
Affected: 2008.1
_______________________________________________________________________

Problem Description:

Guido Landi found A stack-based buffer overflow in xine-lib
that could allow a remote attacker to cause a denial of service
(crash) and potentially execute arbitrary code via a long NSF title
(CVE-2008-1878).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
10db71c6a43508d36ba8d93f290f72d6 2008.1/i586/libxine1-1.1.11.1-4.2mdv2008.1.i586.rpm
106e82cbd1e2ed40f533fe6d28f2ccfb 2008.1/i586/libxine-devel-1.1.11.1-4.2mdv2008.1.i586.rpm
80f94cbfc8be99ea04de884066a5b95e 2008.1/i586/xine-aa-1.1.11.1-4.2mdv2008.1.i586.rpm
9d42258f0e3ae0128d054ae53805cbd8 2008.1/i586/xine-caca-1.1.11.1-4.2mdv2008.1.i586.rpm
31d7177e7ae1b81e89fc28811ba4567e 2008.1/i586/xine-dxr3-1.1.11.1-4.2mdv2008.1.i586.rpm
b0a98953adc702b1921135412ad603cd 2008.1/i586/xine-esd-1.1.11.1-4.2mdv2008.1.i586.rpm
086ee1475478bd3e64a3dc4b9f677dcd 2008.1/i586/xine-flac-1.1.11.1-4.2mdv2008.1.i586.rpm
43e7881b465be3ed1df25247af758692 2008.1/i586/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.i586.rpm
e07999dc5149e38ed39a778e46298523 2008.1/i586/xine-image-1.1.11.1-4.2mdv2008.1.i586.rpm
fdc64b384993234582716d49beadd3e0 2008.1/i586/xine-jack-1.1.11.1-4.2mdv2008.1.i586.rpm
6ec501e08df57145bcf1eeb4730f43dd 2008.1/i586/xine-plugins-1.1.11.1-4.2mdv2008.1.i586.rpm
6d0a6630688d65cad364fb4b60449867 2008.1/i586/xine-pulse-1.1.11.1-4.2mdv2008.1.i586.rpm
cb42e25b94a5c6bbf640878cedef4ab1 2008.1/i586/xine-sdl-1.1.11.1-4.2mdv2008.1.i586.rpm
61dc627d3b187ba4cf0281b956b7fa56 2008.1/i586/xine-smb-1.1.11.1-4.2mdv2008.1.i586.rpm
b032fa9c5083bcc6130b550983efb024 2008.1/i586/xine-wavpack-1.1.11.1-4.2mdv2008.1.i586.rpm
b8c89ebf6906c01d471205934bcdcfd3 2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
a9ff3e2ff6df1a32a53f5c18d4f0385a 2008.1/x86_64/lib64xine1-1.1.11.1-4.2mdv2008.1.x86_64.rpm
87c32e02d5cd1fb408e934a2dc3007ba 2008.1/x86_64/lib64xine-devel-1.1.11.1-4.2mdv2008.1.x86_64.rpm
59375c9ce1868bb410b03851d6798718 2008.1/x86_64/xine-aa-1.1.11.1-4.2mdv2008.1.x86_64.rpm
f45bcfce4d66d8a2b683371dd7030e37 2008.1/x86_64/xine-caca-1.1.11.1-4.2mdv2008.1.x86_64.rpm
4775483c71308e162ef87b99ac303d90 2008.1/x86_64/xine-dxr3-1.1.11.1-4.2mdv2008.1.x86_64.rpm
bdb716d2e1bd7477a78cba9725b93b90 2008.1/x86_64/xine-esd-1.1.11.1-4.2mdv2008.1.x86_64.rpm
5bfe733f4a30232c91c573238fc3beb2 2008.1/x86_64/xine-flac-1.1.11.1-4.2mdv2008.1.x86_64.rpm
7ac3d2c4b723f5e72727d8719d50b35c 2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.x86_64.rpm
401c5dbc008597aa06774b3eeb02e57d 2008.1/x86_64/xine-image-1.1.11.1-4.2mdv2008.1.x86_64.rpm
2957efe6941036a9f97621068587614f 2008.1/x86_64/xine-jack-1.1.11.1-4.2mdv2008.1.x86_64.rpm
acdba1ff341e79ce14b31aeecfb5d573 2008.1/x86_64/xine-plugins-1.1.11.1-4.2mdv2008.1.x86_64.rpm
0b5a46d078f22d304e413e7772992903 2008.1/x86_64/xine-pulse-1.1.11.1-4.2mdv2008.1.x86_64.rpm
312ef813d09a5dfd7456e9a3a500fc06 2008.1/x86_64/xine-sdl-1.1.11.1-4.2mdv2008.1.x86_64.rpm
ad61d3fd3e66e92f18464e5622cba4c3 2008.1/x86_64/xine-smb-1.1.11.1-4.2mdv2008.1.x86_64.rpm
74380a1f6f47ae4ba8f88031b39304a5 2008.1/x86_64/xine-wavpack-1.1.11.1-4.2mdv2008.1.x86_64.rpm
b8c89ebf6906c01d471205934bcdcfd3 2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrLcLmqjQ0CJFipgRAp23AJ49CR1uJr/8p9/aV9YmWSCeR7C0iwCg4QCI
bvyTd48CZg+Yaqi3nHJHXU4=
=CBFe
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP