Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:124 ] - Updated xine-lib packages fix vulnerability in Speex decoder

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1214521297-11275-6720

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:124

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : xine-lib

Date : June 26, 2008

Affected: 2008.0, 2008.1

_______________________________________________________________________

 

Problem Description:

 

A vulnerability in the Speex library was found where it did not

properly validate input values read from the Speex files headers.

An attacker could create a malicious Speex file that would crash an

application or potentially allow the execution of arbitrary code

with the privileges of the application calling the Speex library

(CVE-2008-1686).

 

Xine-lib is similarly affected by this issue.

 

As well, the previous version of xine as provided in Mandriva Linux

2008.1 would crash when playing matroska files, and a regression was

introduced that prevented Amarok from playing m4a files.

 

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686

http://qa.mandriva.com/show_bug.cgi?id=39768

http://qa.mandriva.com/show_bug.cgi?id=40928

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

ad845d6dc3353c1ca97f5aa95d992ff1 2008.0/i586/libxine1-1.1.8-4.6mdv2008.0.i586.rpm

ae9a07c197291e8a274a276946c5b757 2008.0/i586/libxine-devel-1.1.8-4.6mdv2008.0.i586.rpm

b9b9ce8553746b0628b4183ea2ce4b6d 2008.0/i586/xine-aa-1.1.8-4.6mdv2008.0.i586.rpm

17c32afdfbde86f0f31097f984177d65 2008.0/i586/xine-caca-1.1.8-4.6mdv2008.0.i586.rpm

fbd3c46574aa4ffbe8cb406c4dc88417 2008.0/i586/xine-dxr3-1.1.8-4.6mdv2008.0.i586.rpm

f9d4d16bb9f172cf493b739bb454e9df 2008.0/i586/xine-esd-1.1.8-4.6mdv2008.0.i586.rpm

558accfe2cc33255ccad98d6a8441064 2008.0/i586/xine-flac-1.1.8-4.6mdv2008.0.i586.rpm

264cc6cdbce7b1f6c83e343c187cb509 2008.0/i586/xine-gnomevfs-1.1.8-4.6mdv2008.0.i586.rpm

2aed56b1bbd7a6c3354fe75f53b4f3e2 2008.0/i586/xine-image-1.1.8-4.6mdv2008.0.i586.rpm

e05266e2becad52ebda0cb8c02ae13b3 2008.0/i586/xine-jack-1.1.8-4.6mdv2008.0.i586.rpm

016e9b18b74eed89bf2f200e7174b3cb 2008.0/i586/xine-plugins-1.1.8-4.6mdv2008.0.i586.rpm

b3346291b6428d1add2fa62055cd492a 2008.0/i586/xine-pulse-1.1.8-4.6mdv2008.0.i586.rpm

12346f664080c9cf162f235de7f91ad4 2008.0/i586/xine-sdl-1.1.8-4.6mdv2008.0.i586.rpm

36965664cca748ae612cc6d178122ae8 2008.0/i586/xine-smb-1.1.8-4.6mdv2008.0.i586.rpm

ac597fd40a0b449cd4f1692ccb759572 2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

b1cb0d0f17d17c4c82040f8688019578 2008.0/x86_64/lib64xine1-1.1.8-4.6mdv2008.0.x86_64.rpm

ea2ea3354c51cb308334b5ba29e23a18 2008.0/x86_64/lib64xine-devel-1.1.8-4.6mdv2008.0.x86_64.rpm

624b0ccb940a022fd4aeda527df52bf5 2008.0/x86_64/xine-aa-1.1.8-4.6mdv2008.0.x86_64.rpm

c50654970f441adf19bb3df7b63552a9 2008.0/x86_64/xine-caca-1.1.8-4.6mdv2008.0.x86_64.rpm

1dc6495f61075962070fa17686ab4672 2008.0/x86_64/xine-dxr3-1.1.8-4.6mdv2008.0.x86_64.rpm

90f792c06169cb9856a4fc5ff3755107 2008.0/x86_64/xine-esd-1.1.8-4.6mdv2008.0.x86_64.rpm

00caa1c8cfd859ced79bd4917306aa5f 2008.0/x86_64/xine-flac-1.1.8-4.6mdv2008.0.x86_64.rpm

5c03fc3b2167d7a10d6fbb63011bfb76 2008.0/x86_64/xine-gnomevfs-1.1.8-4.6mdv2008.0.x86_64.rpm

df2406c34d7d157d3eaaa644b07833c1 2008.0/x86_64/xine-image-1.1.8-4.6mdv2008.0.x86_64.rpm

76983bf74762c4bd66f849823ac2f553 2008.0/x86_64/xine-jack-1.1.8-4.6mdv2008.0.x86_64.rpm

dd31feadafd83e1f454627064ebca047 2008.0/x86_64/xine-plugins-1.1.8-4.6mdv2008.0.x86_64.rpm

458aeeac225e2c46dcda2a7f5e74701a 2008.0/x86_64/xine-pulse-1.1.8-4.6mdv2008.0.x86_64.rpm

fac50b5c5b9de0862c01344e7a6c0be6 2008.0/x86_64/xine-sdl-1.1.8-4.6mdv2008.0.x86_64.rpm

bf1935546d1de8e7df0c05076a1605bd 2008.0/x86_64/xine-smb-1.1.8-4.6mdv2008.0.x86_64.rpm

ac597fd40a0b449cd4f1692ccb759572 2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

eeb22b316f3d0bdd9955b5a2ca0c2b03 2008.1/i586/libxine1-1.1.11.1-4.1mdv2008.1.i586.rpm

69c0fbda734b369c97681226b81e2222 2008.1/i586/libxine-devel-1.1.11.1-4.1mdv2008.1.i586.rpm

11bb713825922a33db78225abc311aac 2008.1/i586/xine-aa-1.1.11.1-4.1mdv2008.1.i586.rpm

aaee08af70d438550e402189d0234cec 2008.1/i586/xine-caca-1.1.11.1-4.1mdv2008.1.i586.rpm

c803ac9dc7d0cf116bc10c5f14b8ed2e 2008.1/i586/xine-dxr3-1.1.11.1-4.1mdv2008.1.i586.rpm

e3c997f1133f1771135e547555e1ca59 2008.1/i586/xine-esd-1.1.11.1-4.1mdv2008.1.i586.rpm

ce3a12266a4f02ce88cc722e4a1d6b37 2008.1/i586/xine-flac-1.1.11.1-4.1mdv2008.1.i586.rpm

2e8612901990c5cd3fcb914c4acef7ec 2008.1/i586/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.i586.rpm

dc3cd131c7b7f78bc30b59fe8c16644f 2008.1/i586/xine-image-1.1.11.1-4.1mdv2008.1.i586.rpm

22535a08aabcd7b2966d19d06c6e902f 2008.1/i586/xine-jack-1.1.11.1-4.1mdv2008.1.i586.rpm

eb17455995a3d8c43ff5ce8f33874f5a 2008.1/i586/xine-plugins-1.1.11.1-4.1mdv2008.1.i586.rpm

3cf5abf164c2eb4669d693bc8045e0eb 2008.1/i586/xine-pulse-1.1.11.1-4.1mdv2008.1.i586.rpm

2a2cb49ab2e45a345ee21742f151e58f 2008.1/i586/xine-sdl-1.1.11.1-4.1mdv2008.1.i586.rpm

14928bb6d625aa65130be890b27745e0 2008.1/i586/xine-smb-1.1.11.1-4.1mdv2008.1.i586.rpm

943a02cdd396ac7645622dff0eeec140 2008.1/i586/xine-wavpack-1.1.11.1-4.1mdv2008.1.i586.rpm

c0d83761ba92778f6dbc87e581119a71 2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

d1ac37f198a848d49cda7880dcc23102 2008.1/x86_64/lib64xine1-1.1.11.1-4.1mdv2008.1.x86_64.rpm

ea6903d6592b1d5922a102a93ca6ea99 2008.1/x86_64/lib64xine-devel-1.1.11.1-4.1mdv2008.1.x86_64.rpm

9e90e2ad00a78832bd578fc15f9f8b13 2008.1/x86_64/xine-aa-1.1.11.1-4.1mdv2008.1.x86_64.rpm

6ae941e81d86abf75b39d7006dc9734d 2008.1/x86_64/xine-caca-1.1.11.1-4.1mdv2008.1.x86_64.rpm

a59961f56512404d607efacffa5793c4 2008.1/x86_64/xine-dxr3-1.1.11.1-4.1mdv2008.1.x86_64.rpm

01f42963ea50d644e7351790b8a24b94 2008.1/x86_64/xine-esd-1.1.11.1-4.1mdv2008.1.x86_64.rpm

d7c790f3019049aaf14714f38b3d81ac 2008.1/x86_64/xine-flac-1.1.11.1-4.1mdv2008.1.x86_64.rpm

2c12d76b5848845ad4de5c1bdf7a32ad 2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.x86_64.rpm

628ae9d2ac10eaf6d3b02dd0ba2abcae 2008.1/x86_64/xine-image-1.1.11.1-4.1mdv2008.1.x86_64.rpm

c008ce2ab72809ab87d93c23deb4d195 2008.1/x86_64/xine-jack-1.1.11.1-4.1mdv2008.1.x86_64.rpm

559544de22e927b9d28d244b029e0d54 2008.1/x86_64/xine-plugins-1.1.11.1-4.1mdv2008.1.x86_64.rpm

24b4fe41ecaf1f4d91ecbce88ab61b67 2008.1/x86_64/xine-pulse-1.1.11.1-4.1mdv2008.1.x86_64.rpm

64ba32889ddf4c0c9664d49b06efe607 2008.1/x86_64/xine-sdl-1.1.11.1-4.1mdv2008.1.x86_64.rpm

8867bb990ec77a42ea20886d3500d94d 2008.1/x86_64/xine-smb-1.1.11.1-4.1mdv2008.1.x86_64.rpm

b10ee4d5faa7e8379d0d9cb6d02c74f1 2008.1/x86_64/xine-wavpack-1.1.11.1-4.1mdv2008.1.x86_64.rpm

c0d83761ba92778f6dbc87e581119a71 2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIY/TZmqjQ0CJFipgRAjh9AJ908v/XFv77z2Mtn+TOViX70b6pFQCgxsvQ

r32dc/MX7NEK0SjVT6EvrD8=

=d+Iw

-----END PGP SIGNATURE-----

 

 

------------=_1214521297-11275-6720

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1214521297-11275-6720--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×