Secunia Security Advisory - Mandriva has issued an update for xine-lib. This fixes a weakness, which can be exploited by malicious people to crash certain applications on a user's system
14a604a9064c9a0b730dc053c22975f27bcfb16329fe6b1c9c198555c3e5b49e
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
Mandriva update for xine-lib
SECUNIA ADVISORY ID:
SA20828
VERIFY ADVISORY:
http://secunia.com/advisories/20828/
CRITICAL:
Moderately critical
IMPACT:
System access, DoS
WHERE:
>From remote
OPERATING SYSTEM:
Mandriva Linux 2006
http://secunia.com/product/9020/
DESCRIPTION:
Mandriva has issued an update for xine-lib. This fixes a weakness,
which can be exploited by malicious people to crash certain
applications on a user's system
For more information:
SA20369
A boundary error in the AVI demuxer, which may be exploited to cause
a buffer overflow, has also been reported.
SOLUTION:
Apply updated packages.
-- Mandrivalinux 2006 --
904b1e86d75ee4bfa8281502b8d8dd60
2006.0/RPMS/libxine1-1.1.0-9.3.20060mdk.i586.rpm
ddae938ae14b61dc19311e3b1c43c732
2006.0/RPMS/libxine1-devel-1.1.0-9.3.20060mdk.i586.rpm
52d14f097de9909ae7fa7cb4cc079a69
2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.i586.rpm
723156ddabd5ee3f88693e578d96e56d
2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.i586.rpm
5f28c1bc6bf0688c6ecb260e00531846
2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.i586.rpm
84dd3acde96126f2b6f0146a0a24dade
2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.i586.rpm
3d216fdcc4bd0c0e768b6d779a0e1d49
2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.i586.rpm
3a62513a70e360c38f3c82ea2d3e7310
2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.i586.rpm
7e044bd1b04ee2531f5f5cd4fe7daad3
2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.i586.rpm
d75c1fcc21a53f88c5abe88497968421
2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.i586.rpm
dabedf3272f152fb60bb5a413050c7e0
2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.i586.rpm
e1885c8818bafdd885f96eaf8c12ef7f
2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.i586.rpm
ff8503a1b8087bc9181f07678438553d
2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm
-- Mandrivalinux 2006/X86_64 --
bfe9c3b5b5df347001df5cfd0bb2f644
x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.3.20060mdk.x86_64.rpm
94d8aa7a860ba4aa93f655c09ad1c366
x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.3.20060mdk.x86_64.rpm
0a4c15b7e94af988af673273e8258328
x86_64/2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.x86_64.rpm
299d73e1d222b28c1c2901896e2507ed
x86_64/2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.x86_64.rpm
26add5380db72a42ef9bd67508f48dad
x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.x86_64.rpm
51cb6ba50f28b1868691460376639a6c
x86_64/2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.x86_64.rpm
e970668f572b7e7a62530b778b3fb493
x86_64/2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.x86_64.rpm
f5293bf40bd328e14c1291c68237b1d8
x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.x86_64.rpm
537a00c6c9509a99d9112440dd49e7d1
x86_64/2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.x86_64.rpm
8b752a25e5220b0a846a44f16789b7c9
x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.x86_64.rpm
b66deaeca87b2e72508e1ca72024f59e
x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.x86_64.rpm
e89abe16a92fc7fa2cafc9e0ab031ac5
x86_64/2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.x86_64.rpm
ff8503a1b8087bc9181f07678438553d
x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm
ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:108
OTHER REFERENCES:
SA20369:
http://secunia.com/advisories/20369/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------