Mandriva Linux Security Advisory - An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:046
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xine-lib
Date : February 15, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
An array index vulnerability found in the FLAC audio demuxer might
allow remote attackers to execute arbitrary code via a crafted FLAC
tag, which triggers a buffer overflow. Although originally an MPlayer
issue, it also affects xine-lib due to code similarity.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
92b105e8e45cc7c628cfea03b65e5ebc 2007.1/i586/libxine1-1.1.4-6.5mdv2007.1.i586.rpm
8c10ae324cb8e3b02fe142cae8d86b23 2007.1/i586/libxine1-devel-1.1.4-6.5mdv2007.1.i586.rpm
bb26522243e95621a475b886ebedacca 2007.1/i586/xine-aa-1.1.4-6.5mdv2007.1.i586.rpm
5d01cf04b75ba1ad6a4b8e85448e7b78 2007.1/i586/xine-arts-1.1.4-6.5mdv2007.1.i586.rpm
08be3876d609ee70b0966eaaa395085b 2007.1/i586/xine-caca-1.1.4-6.5mdv2007.1.i586.rpm
b0702ce5b6e2bd2bc12c8a4b42e8ee30 2007.1/i586/xine-dxr3-1.1.4-6.5mdv2007.1.i586.rpm
a1dd806006624254b89f9bc6c756bd2c 2007.1/i586/xine-esd-1.1.4-6.5mdv2007.1.i586.rpm
b0218b6ae17e7874a0949055f1271365 2007.1/i586/xine-flac-1.1.4-6.5mdv2007.1.i586.rpm
f7b59004050060fd3ebb83bbedc7d16a 2007.1/i586/xine-gnomevfs-1.1.4-6.5mdv2007.1.i586.rpm
38ab5fb451a81ffcce9357a3884eeaff 2007.1/i586/xine-image-1.1.4-6.5mdv2007.1.i586.rpm
ef5bbbf902ebf0b51a56a908ff79712c 2007.1/i586/xine-jack-1.1.4-6.5mdv2007.1.i586.rpm
0add0fbbf3e70a84739e17d66b1c851d 2007.1/i586/xine-plugins-1.1.4-6.5mdv2007.1.i586.rpm
50c7fda320ef57b995686477a5fbbfc4 2007.1/i586/xine-pulse-1.1.4-6.5mdv2007.1.i586.rpm
f942f35a3d5b637b20f4b9e08c4912b8 2007.1/i586/xine-sdl-1.1.4-6.5mdv2007.1.i586.rpm
7aa83070759e8ff44153f6422c5204dd 2007.1/i586/xine-smb-1.1.4-6.5mdv2007.1.i586.rpm
0d47a2b57fa073f8618bf57b149a9f42 2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
25893aeb0c101954c541a2f4f9c9c1da 2007.1/x86_64/lib64xine1-1.1.4-6.5mdv2007.1.x86_64.rpm
1fb04166eecb9a1ab1e011a0f1ababb4 2007.1/x86_64/lib64xine1-devel-1.1.4-6.5mdv2007.1.x86_64.rpm
3e48a4aafaa97bd47cb7c0bbb7ba1237 2007.1/x86_64/xine-aa-1.1.4-6.5mdv2007.1.x86_64.rpm
bd2347ff386d44948c88c67485fb1b5a 2007.1/x86_64/xine-arts-1.1.4-6.5mdv2007.1.x86_64.rpm
a509d9ebab2bf1941934d2cba759e770 2007.1/x86_64/xine-caca-1.1.4-6.5mdv2007.1.x86_64.rpm
ba1b934caece9ae950e565d9a097b40e 2007.1/x86_64/xine-dxr3-1.1.4-6.5mdv2007.1.x86_64.rpm
95297e819a47fdcae07625741d5eabeb 2007.1/x86_64/xine-esd-1.1.4-6.5mdv2007.1.x86_64.rpm
8e8a92caa399113211cfd95336429ead 2007.1/x86_64/xine-flac-1.1.4-6.5mdv2007.1.x86_64.rpm
90aa9c3977c15458fe0c0ac98b1dabb2 2007.1/x86_64/xine-gnomevfs-1.1.4-6.5mdv2007.1.x86_64.rpm
28070563c3b364760a6fd9a93a0a64bd 2007.1/x86_64/xine-image-1.1.4-6.5mdv2007.1.x86_64.rpm
1309d3ffbdaabeaf28f8476f94fb8105 2007.1/x86_64/xine-jack-1.1.4-6.5mdv2007.1.x86_64.rpm
c268f6d3a92ebee7d444470d9948bd2c 2007.1/x86_64/xine-plugins-1.1.4-6.5mdv2007.1.x86_64.rpm
46f6800167c1c8766cfa168e94a5ab89 2007.1/x86_64/xine-pulse-1.1.4-6.5mdv2007.1.x86_64.rpm
88adcbb90e87e260eb79a1f6d4c11adc 2007.1/x86_64/xine-sdl-1.1.4-6.5mdv2007.1.x86_64.rpm
fb5ef2d8db31b0c6da3db2401963d1f8 2007.1/x86_64/xine-smb-1.1.4-6.5mdv2007.1.x86_64.rpm
0d47a2b57fa073f8618bf57b149a9f42 2007.1/SRPMS/xine-lib-1.1.4-6.5mdv2007.1.src.rpm
Mandriva Linux 2008.0:
a006ee314a3487abda9f87844a418283 2008.0/i586/libxine-devel-1.1.8-4.3mdv2008.0.i586.rpm
50300dd0ede82d905faa0148864ce5c3 2008.0/i586/libxine1-1.1.8-4.3mdv2008.0.i586.rpm
f7354400019aa522a9b4c9183cdcbf01 2008.0/i586/xine-aa-1.1.8-4.3mdv2008.0.i586.rpm
d9246649fabf1ec7d5ded73fc69389de 2008.0/i586/xine-caca-1.1.8-4.3mdv2008.0.i586.rpm
17cfc011b27bbee2ded3e57840892f3e 2008.0/i586/xine-dxr3-1.1.8-4.3mdv2008.0.i586.rpm
b3bc62b1d9704e4c387b9dc05ca78c21 2008.0/i586/xine-esd-1.1.8-4.3mdv2008.0.i586.rpm
bfc01255d453d4b024a3b219077d1410 2008.0/i586/xine-flac-1.1.8-4.3mdv2008.0.i586.rpm
76c62017cdd33345889c1582caf3b827 2008.0/i586/xine-gnomevfs-1.1.8-4.3mdv2008.0.i586.rpm
512904d1519640475146f19449398d05 2008.0/i586/xine-image-1.1.8-4.3mdv2008.0.i586.rpm
b854ed87d8b85e43c766d47267e61ef1 2008.0/i586/xine-jack-1.1.8-4.3mdv2008.0.i586.rpm
b3b83be2f3b0a1e5125921b17bef5b21 2008.0/i586/xine-plugins-1.1.8-4.3mdv2008.0.i586.rpm
781983b84a24bcd23ea7ed087b42d1bf 2008.0/i586/xine-pulse-1.1.8-4.3mdv2008.0.i586.rpm
e7f7b472e8fd8bf30bc448fee29ae94d 2008.0/i586/xine-sdl-1.1.8-4.3mdv2008.0.i586.rpm
00d5184581be159ba607b277d4b3326d 2008.0/i586/xine-smb-1.1.8-4.3mdv2008.0.i586.rpm
bc6508f3f527de2c25039bc3bff359d4 2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
ac5c1cf34cf85bd33c60a9707aa851d4 2008.0/x86_64/lib64xine-devel-1.1.8-4.3mdv2008.0.x86_64.rpm
2b995c0f69aa471d4700e5721b67a8af 2008.0/x86_64/lib64xine1-1.1.8-4.3mdv2008.0.x86_64.rpm
cace153adb4181e62fdf6b9cbc715ab9 2008.0/x86_64/xine-aa-1.1.8-4.3mdv2008.0.x86_64.rpm
d5c963ebc4814b1642937959531de6bf 2008.0/x86_64/xine-caca-1.1.8-4.3mdv2008.0.x86_64.rpm
a20718c6f1abe8c06afb98ae52f36208 2008.0/x86_64/xine-dxr3-1.1.8-4.3mdv2008.0.x86_64.rpm
fd4f65b926b4d9d3e5f734bfce8b7cbb 2008.0/x86_64/xine-esd-1.1.8-4.3mdv2008.0.x86_64.rpm
e9f18928c5ed86e531545b98f721102b 2008.0/x86_64/xine-flac-1.1.8-4.3mdv2008.0.x86_64.rpm
0cad217d2138a6f6597db02714a5c0e8 2008.0/x86_64/xine-gnomevfs-1.1.8-4.3mdv2008.0.x86_64.rpm
3d2a618e0cc44cf47c0556ce6cc09bd9 2008.0/x86_64/xine-image-1.1.8-4.3mdv2008.0.x86_64.rpm
14baefc41749868298378b2d637c62b0 2008.0/x86_64/xine-jack-1.1.8-4.3mdv2008.0.x86_64.rpm
ef3bc2769f717ac9bc6f8a1f6c801f30 2008.0/x86_64/xine-plugins-1.1.8-4.3mdv2008.0.x86_64.rpm
8296113a6b5db2f3846dd2c28755f583 2008.0/x86_64/xine-pulse-1.1.8-4.3mdv2008.0.x86_64.rpm
37745a135e8fafd10e31731048d5b58a 2008.0/x86_64/xine-sdl-1.1.8-4.3mdv2008.0.x86_64.rpm
5493e7511c3b601ffcc0632a8beab66c 2008.0/x86_64/xine-smb-1.1.8-4.3mdv2008.0.x86_64.rpm
bc6508f3f527de2c25039bc3bff359d4 2008.0/SRPMS/xine-lib-1.1.8-4.3mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHtecEmqjQ0CJFipgRAp/oAKDAs0GcPuf5v18wYBF+L2JNUCA4yQCfWnc3
ZNRY5WdeYXIevrA4KN0S9y4=
=x1LB
-----END PGP SIGNATURE-----