-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDKSA-2006:108
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date    : June 20, 2006
Affected: 10.2, 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for
xine-lib 1.1.1 allows remote attackers to cause a denial of service
(application crash) via a long reply from an HTTP server, as
demonstrated using gxine 0.5.6. (CVE-2006-2802)

In addition, a possible buffer overflow exists in the AVI demuxer,
similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3
release of xine-lib does not have this issue.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEmHBfmqjQ0CJFipgRAlbUAKDUUil0PlZfHc0NjOkdEi0QXQf11ACcC+FW
E+NQPFSVEummnHm6+6kmdxU=
=ft5m
-----END PGP SIGNATURE-----