-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:124 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xine-lib Date : June 26, 2008 Affected: 2008.0, 2008.1 _______________________________________________________________________ Problem Description: A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). Xine-lib is similarly affected by this issue. As well, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing matroska files, and a regression was introduced that prevented Amarok from playing m4a files. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686 http://qa.mandriva.com/show_bug.cgi?id=39768 http://qa.mandriva.com/show_bug.cgi?id=40928 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: ad845d6dc3353c1ca97f5aa95d992ff1 2008.0/i586/libxine1-1.1.8-4.6mdv2008.0.i586.rpm ae9a07c197291e8a274a276946c5b757 2008.0/i586/libxine-devel-1.1.8-4.6mdv2008.0.i586.rpm b9b9ce8553746b0628b4183ea2ce4b6d 2008.0/i586/xine-aa-1.1.8-4.6mdv2008.0.i586.rpm 17c32afdfbde86f0f31097f984177d65 2008.0/i586/xine-caca-1.1.8-4.6mdv2008.0.i586.rpm fbd3c46574aa4ffbe8cb406c4dc88417 2008.0/i586/xine-dxr3-1.1.8-4.6mdv2008.0.i586.rpm f9d4d16bb9f172cf493b739bb454e9df 2008.0/i586/xine-esd-1.1.8-4.6mdv2008.0.i586.rpm 558accfe2cc33255ccad98d6a8441064 2008.0/i586/xine-flac-1.1.8-4.6mdv2008.0.i586.rpm 264cc6cdbce7b1f6c83e343c187cb509 2008.0/i586/xine-gnomevfs-1.1.8-4.6mdv2008.0.i586.rpm 2aed56b1bbd7a6c3354fe75f53b4f3e2 2008.0/i586/xine-image-1.1.8-4.6mdv2008.0.i586.rpm e05266e2becad52ebda0cb8c02ae13b3 2008.0/i586/xine-jack-1.1.8-4.6mdv2008.0.i586.rpm 016e9b18b74eed89bf2f200e7174b3cb 2008.0/i586/xine-plugins-1.1.8-4.6mdv2008.0.i586.rpm b3346291b6428d1add2fa62055cd492a 2008.0/i586/xine-pulse-1.1.8-4.6mdv2008.0.i586.rpm 12346f664080c9cf162f235de7f91ad4 2008.0/i586/xine-sdl-1.1.8-4.6mdv2008.0.i586.rpm 36965664cca748ae612cc6d178122ae8 2008.0/i586/xine-smb-1.1.8-4.6mdv2008.0.i586.rpm ac597fd40a0b449cd4f1692ccb759572 2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b1cb0d0f17d17c4c82040f8688019578 2008.0/x86_64/lib64xine1-1.1.8-4.6mdv2008.0.x86_64.rpm ea2ea3354c51cb308334b5ba29e23a18 2008.0/x86_64/lib64xine-devel-1.1.8-4.6mdv2008.0.x86_64.rpm 624b0ccb940a022fd4aeda527df52bf5 2008.0/x86_64/xine-aa-1.1.8-4.6mdv2008.0.x86_64.rpm c50654970f441adf19bb3df7b63552a9 2008.0/x86_64/xine-caca-1.1.8-4.6mdv2008.0.x86_64.rpm 1dc6495f61075962070fa17686ab4672 2008.0/x86_64/xine-dxr3-1.1.8-4.6mdv2008.0.x86_64.rpm 90f792c06169cb9856a4fc5ff3755107 2008.0/x86_64/xine-esd-1.1.8-4.6mdv2008.0.x86_64.rpm 00caa1c8cfd859ced79bd4917306aa5f 2008.0/x86_64/xine-flac-1.1.8-4.6mdv2008.0.x86_64.rpm 5c03fc3b2167d7a10d6fbb63011bfb76 2008.0/x86_64/xine-gnomevfs-1.1.8-4.6mdv2008.0.x86_64.rpm df2406c34d7d157d3eaaa644b07833c1 2008.0/x86_64/xine-image-1.1.8-4.6mdv2008.0.x86_64.rpm 76983bf74762c4bd66f849823ac2f553 2008.0/x86_64/xine-jack-1.1.8-4.6mdv2008.0.x86_64.rpm dd31feadafd83e1f454627064ebca047 2008.0/x86_64/xine-plugins-1.1.8-4.6mdv2008.0.x86_64.rpm 458aeeac225e2c46dcda2a7f5e74701a 2008.0/x86_64/xine-pulse-1.1.8-4.6mdv2008.0.x86_64.rpm fac50b5c5b9de0862c01344e7a6c0be6 2008.0/x86_64/xine-sdl-1.1.8-4.6mdv2008.0.x86_64.rpm bf1935546d1de8e7df0c05076a1605bd 2008.0/x86_64/xine-smb-1.1.8-4.6mdv2008.0.x86_64.rpm ac597fd40a0b449cd4f1692ccb759572 2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm Mandriva Linux 2008.1: eeb22b316f3d0bdd9955b5a2ca0c2b03 2008.1/i586/libxine1-1.1.11.1-4.1mdv2008.1.i586.rpm 69c0fbda734b369c97681226b81e2222 2008.1/i586/libxine-devel-1.1.11.1-4.1mdv2008.1.i586.rpm 11bb713825922a33db78225abc311aac 2008.1/i586/xine-aa-1.1.11.1-4.1mdv2008.1.i586.rpm aaee08af70d438550e402189d0234cec 2008.1/i586/xine-caca-1.1.11.1-4.1mdv2008.1.i586.rpm c803ac9dc7d0cf116bc10c5f14b8ed2e 2008.1/i586/xine-dxr3-1.1.11.1-4.1mdv2008.1.i586.rpm e3c997f1133f1771135e547555e1ca59 2008.1/i586/xine-esd-1.1.11.1-4.1mdv2008.1.i586.rpm ce3a12266a4f02ce88cc722e4a1d6b37 2008.1/i586/xine-flac-1.1.11.1-4.1mdv2008.1.i586.rpm 2e8612901990c5cd3fcb914c4acef7ec 2008.1/i586/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.i586.rpm dc3cd131c7b7f78bc30b59fe8c16644f 2008.1/i586/xine-image-1.1.11.1-4.1mdv2008.1.i586.rpm 22535a08aabcd7b2966d19d06c6e902f 2008.1/i586/xine-jack-1.1.11.1-4.1mdv2008.1.i586.rpm eb17455995a3d8c43ff5ce8f33874f5a 2008.1/i586/xine-plugins-1.1.11.1-4.1mdv2008.1.i586.rpm 3cf5abf164c2eb4669d693bc8045e0eb 2008.1/i586/xine-pulse-1.1.11.1-4.1mdv2008.1.i586.rpm 2a2cb49ab2e45a345ee21742f151e58f 2008.1/i586/xine-sdl-1.1.11.1-4.1mdv2008.1.i586.rpm 14928bb6d625aa65130be890b27745e0 2008.1/i586/xine-smb-1.1.11.1-4.1mdv2008.1.i586.rpm 943a02cdd396ac7645622dff0eeec140 2008.1/i586/xine-wavpack-1.1.11.1-4.1mdv2008.1.i586.rpm c0d83761ba92778f6dbc87e581119a71 2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: d1ac37f198a848d49cda7880dcc23102 2008.1/x86_64/lib64xine1-1.1.11.1-4.1mdv2008.1.x86_64.rpm ea6903d6592b1d5922a102a93ca6ea99 2008.1/x86_64/lib64xine-devel-1.1.11.1-4.1mdv2008.1.x86_64.rpm 9e90e2ad00a78832bd578fc15f9f8b13 2008.1/x86_64/xine-aa-1.1.11.1-4.1mdv2008.1.x86_64.rpm 6ae941e81d86abf75b39d7006dc9734d 2008.1/x86_64/xine-caca-1.1.11.1-4.1mdv2008.1.x86_64.rpm a59961f56512404d607efacffa5793c4 2008.1/x86_64/xine-dxr3-1.1.11.1-4.1mdv2008.1.x86_64.rpm 01f42963ea50d644e7351790b8a24b94 2008.1/x86_64/xine-esd-1.1.11.1-4.1mdv2008.1.x86_64.rpm d7c790f3019049aaf14714f38b3d81ac 2008.1/x86_64/xine-flac-1.1.11.1-4.1mdv2008.1.x86_64.rpm 2c12d76b5848845ad4de5c1bdf7a32ad 2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.x86_64.rpm 628ae9d2ac10eaf6d3b02dd0ba2abcae 2008.1/x86_64/xine-image-1.1.11.1-4.1mdv2008.1.x86_64.rpm c008ce2ab72809ab87d93c23deb4d195 2008.1/x86_64/xine-jack-1.1.11.1-4.1mdv2008.1.x86_64.rpm 559544de22e927b9d28d244b029e0d54 2008.1/x86_64/xine-plugins-1.1.11.1-4.1mdv2008.1.x86_64.rpm 24b4fe41ecaf1f4d91ecbce88ab61b67 2008.1/x86_64/xine-pulse-1.1.11.1-4.1mdv2008.1.x86_64.rpm 64ba32889ddf4c0c9664d49b06efe607 2008.1/x86_64/xine-sdl-1.1.11.1-4.1mdv2008.1.x86_64.rpm 8867bb990ec77a42ea20886d3500d94d 2008.1/x86_64/xine-smb-1.1.11.1-4.1mdv2008.1.x86_64.rpm b10ee4d5faa7e8379d0d9cb6d02c74f1 2008.1/x86_64/xine-wavpack-1.1.11.1-4.1mdv2008.1.x86_64.rpm c0d83761ba92778f6dbc87e581119a71 2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIY/TZmqjQ0CJFipgRAjh9AJ908v/XFv77z2Mtn+TOViX70b6pFQCgxsvQ r32dc/MX7NEK0SjVT6EvrD8= =d+Iw -----END PGP SIGNATURE-----