-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:177 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xine-lib Date : August 20, 2008 Affected: 2008.1 _______________________________________________________________________ Problem Description: Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 10db71c6a43508d36ba8d93f290f72d6 2008.1/i586/libxine1-1.1.11.1-4.2mdv2008.1.i586.rpm 106e82cbd1e2ed40f533fe6d28f2ccfb 2008.1/i586/libxine-devel-1.1.11.1-4.2mdv2008.1.i586.rpm 80f94cbfc8be99ea04de884066a5b95e 2008.1/i586/xine-aa-1.1.11.1-4.2mdv2008.1.i586.rpm 9d42258f0e3ae0128d054ae53805cbd8 2008.1/i586/xine-caca-1.1.11.1-4.2mdv2008.1.i586.rpm 31d7177e7ae1b81e89fc28811ba4567e 2008.1/i586/xine-dxr3-1.1.11.1-4.2mdv2008.1.i586.rpm b0a98953adc702b1921135412ad603cd 2008.1/i586/xine-esd-1.1.11.1-4.2mdv2008.1.i586.rpm 086ee1475478bd3e64a3dc4b9f677dcd 2008.1/i586/xine-flac-1.1.11.1-4.2mdv2008.1.i586.rpm 43e7881b465be3ed1df25247af758692 2008.1/i586/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.i586.rpm e07999dc5149e38ed39a778e46298523 2008.1/i586/xine-image-1.1.11.1-4.2mdv2008.1.i586.rpm fdc64b384993234582716d49beadd3e0 2008.1/i586/xine-jack-1.1.11.1-4.2mdv2008.1.i586.rpm 6ec501e08df57145bcf1eeb4730f43dd 2008.1/i586/xine-plugins-1.1.11.1-4.2mdv2008.1.i586.rpm 6d0a6630688d65cad364fb4b60449867 2008.1/i586/xine-pulse-1.1.11.1-4.2mdv2008.1.i586.rpm cb42e25b94a5c6bbf640878cedef4ab1 2008.1/i586/xine-sdl-1.1.11.1-4.2mdv2008.1.i586.rpm 61dc627d3b187ba4cf0281b956b7fa56 2008.1/i586/xine-smb-1.1.11.1-4.2mdv2008.1.i586.rpm b032fa9c5083bcc6130b550983efb024 2008.1/i586/xine-wavpack-1.1.11.1-4.2mdv2008.1.i586.rpm b8c89ebf6906c01d471205934bcdcfd3 2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: a9ff3e2ff6df1a32a53f5c18d4f0385a 2008.1/x86_64/lib64xine1-1.1.11.1-4.2mdv2008.1.x86_64.rpm 87c32e02d5cd1fb408e934a2dc3007ba 2008.1/x86_64/lib64xine-devel-1.1.11.1-4.2mdv2008.1.x86_64.rpm 59375c9ce1868bb410b03851d6798718 2008.1/x86_64/xine-aa-1.1.11.1-4.2mdv2008.1.x86_64.rpm f45bcfce4d66d8a2b683371dd7030e37 2008.1/x86_64/xine-caca-1.1.11.1-4.2mdv2008.1.x86_64.rpm 4775483c71308e162ef87b99ac303d90 2008.1/x86_64/xine-dxr3-1.1.11.1-4.2mdv2008.1.x86_64.rpm bdb716d2e1bd7477a78cba9725b93b90 2008.1/x86_64/xine-esd-1.1.11.1-4.2mdv2008.1.x86_64.rpm 5bfe733f4a30232c91c573238fc3beb2 2008.1/x86_64/xine-flac-1.1.11.1-4.2mdv2008.1.x86_64.rpm 7ac3d2c4b723f5e72727d8719d50b35c 2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.x86_64.rpm 401c5dbc008597aa06774b3eeb02e57d 2008.1/x86_64/xine-image-1.1.11.1-4.2mdv2008.1.x86_64.rpm 2957efe6941036a9f97621068587614f 2008.1/x86_64/xine-jack-1.1.11.1-4.2mdv2008.1.x86_64.rpm acdba1ff341e79ce14b31aeecfb5d573 2008.1/x86_64/xine-plugins-1.1.11.1-4.2mdv2008.1.x86_64.rpm 0b5a46d078f22d304e413e7772992903 2008.1/x86_64/xine-pulse-1.1.11.1-4.2mdv2008.1.x86_64.rpm 312ef813d09a5dfd7456e9a3a500fc06 2008.1/x86_64/xine-sdl-1.1.11.1-4.2mdv2008.1.x86_64.rpm ad61d3fd3e66e92f18464e5622cba4c3 2008.1/x86_64/xine-smb-1.1.11.1-4.2mdv2008.1.x86_64.rpm 74380a1f6f47ae4ba8f88031b39304a5 2008.1/x86_64/xine-wavpack-1.1.11.1-4.2mdv2008.1.x86_64.rpm b8c89ebf6906c01d471205934bcdcfd3 2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIrLcLmqjQ0CJFipgRAp23AJ49CR1uJr/8p9/aV9YmWSCeR7C0iwCg4QCI bvyTd48CZg+Yaqi3nHJHXU4= =CBFe -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/