-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:121 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xine-lib Date : July 12, 2006 Affected: 2006.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an embedded copy of the same vulnerable code. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 34c23d8a858d2a2687297e25618c7b04 2006.0/RPMS/libxine1-1.1.0-9.6.20060mdk.i586.rpm 57f9a069b8fc968a12ce24605390c1f1 2006.0/RPMS/libxine1-devel-1.1.0-9.6.20060mdk.i586.rpm 7c2652ce586d087793536649d7da6966 2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.i586.rpm 37eff9bda8595acfbaf80e0998db1c9e 2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.i586.rpm e5672e6558978051f6878dea6ba961b5 2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.i586.rpm 6527706516fb99a53f82d2c8c4b2e5f8 2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.i586.rpm 10d172825fdd5dd2dd92dfafd5d60e23 2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.i586.rpm 87b9a38b877b67f0ac0ee4f58ed50983 2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.i586.rpm 8656ea92b3fca51e2fad861ea963b14d 2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.i586.rpm 6a538ee35d785dfc7ea64a03c20060da 2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.i586.rpm 9defa64950f2feebab9dda16d35523cb 2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.i586.rpm d207307cb338b46edd703797b693ea24 2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.i586.rpm 4dc1623162c6092eb10c755ed2c5366a 2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 8798915891b79ac134565f8ede0653b1 x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.6.20060mdk.x86_64.rpm dcd2eb828f921b04206124835eeada8e x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.6.20060mdk.x86_64.rpm a933644c1c56d642a5d576cb217d0356 x86_64/2006.0/RPMS/xine-aa-1.1.0-9.6.20060mdk.x86_64.rpm 238d8526e618dff3aa31e223c14ce432 x86_64/2006.0/RPMS/xine-arts-1.1.0-9.6.20060mdk.x86_64.rpm d9f0269ae701936ce27b6515e5c73ac1 x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.6.20060mdk.x86_64.rpm 4683507048ec6535c2c5f63997ec719d x86_64/2006.0/RPMS/xine-esd-1.1.0-9.6.20060mdk.x86_64.rpm bc649ad82f11c8422f1e9fb711dd4803 x86_64/2006.0/RPMS/xine-flac-1.1.0-9.6.20060mdk.x86_64.rpm 52fe1d4ddeeea6ec91a776ccacf5df19 x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.6.20060mdk.x86_64.rpm 348cc9ecf59e378b3d1c6aa12a35f9b9 x86_64/2006.0/RPMS/xine-image-1.1.0-9.6.20060mdk.x86_64.rpm d2f2300e0bd4e4e210bbfae485c07624 x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.6.20060mdk.x86_64.rpm afca19bc708fc5964c19fff3a2d16286 x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.6.20060mdk.x86_64.rpm ba7c60488a4459066ba4ed08046ce48c x86_64/2006.0/RPMS/xine-smb-1.1.0-9.6.20060mdk.x86_64.rpm 4dc1623162c6092eb10c755ed2c5366a x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.6.20060mdk.src.rpm Corporate 3.0: 1390c15ca893041af1076e6a02d14f47 corporate/3.0/RPMS/libxine1-1-0.rc3.6.12.C30mdk.i586.rpm ecc53b859629edd48ef27b477332889e corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.12.C30mdk.i586.rpm a4d85795d05266793fa61ba6bc986aa6 corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.i586.rpm 4dd4249d6b1911501ddcfa1ef36470af corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.i586.rpm c9a3f82dad17f32a6ab6c0b1926c52c1 corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.12.C30mdk.i586.rpm c40b65dd7cde826b8bfa5fb5720d15ed corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.i586.rpm 2a257f092fe4b304be7e358230aa0361 corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.i586.rpm b04b482c8693272f7ead71ac3ce91e7f corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.i586.rpm ae63549d198004056aacacee5b2ccbef corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.i586.rpm d8fe8f9dff1190413e81e82e67762462 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm Corporate 3.0/X86_64: aad2ac9345e05d900910b8beade5ff21 x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.12.C30mdk.x86_64.rpm b9540819f0250a2924297ce0388f6202 x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.12.C30mdk.x86_64.rpm 53cc9dc911be64bf8764d76262df4a44 x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.12.C30mdk.x86_64.rpm 280b7a7ceb168225d30eb97e95f45fb6 x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.12.C30mdk.x86_64.rpm 4e3811096df50e37e6b10f3eedafb0be x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.12.C30mdk.x86_64.rpm e1e703b0f81edc6399225c6652049519 x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.12.C30mdk.x86_64.rpm 14ce60de521e86ae7755c74a3c845d73 x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.12.C30mdk.x86_64.rpm f95f6a3222ef533ea13637cd8d9ff737 x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.12.C30mdk.x86_64.rpm d8fe8f9dff1190413e81e82e67762462 x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.12.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEtTcXmqjQ0CJFipgRAqSMAKCgYu5Rj5uiU1ZXdDurg4O8HjMRoACcDF4O gECJMRGglbqZVCVnyNwn7NA= =E8fg -----END PGP SIGNATURE-----