Updated xine packages are available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: xine-lib
Advisory ID: MDKSA-2005:011
Date: January 19th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check whether the input size is larger than the buffer size (CAN-2004-1187). They also discovered that, in the same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CAN-2004-1188).

Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size, making it vulnerable to a buffer overflow (CAN-2004-1300).

The updated packages have been patched to prevent these problems.
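
The two length-handling flaws described above, shown as an added C example (it is not xine-lib's code and not the vendor patch). The chunk layout, function names and buffer size are assumptions made for illustration: a declared size is validated against the header, the destination buffer and the bytes actually received before anything is copied.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  8u   /* constructed layout: 4-byte tag + 4-byte big-endian size */
#define BUF_SIZE 32u  /* hypothetical fixed destination buffer */

/* Arithmetic behind the second issue: a declared size smaller than the
 * header gives a negative difference, which wraps when stored as unsigned. */
unsigned int naive_read_len(int declared_size)
{
    return (unsigned int)(declared_size - (int)HDR_LEN);
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copies one chunk payload into out. Returns the payload length, or -1 if
 * the declared size disagrees with the header, the buffer or the input. */
int read_chunk_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap)
{
    if (in_len < HDR_LEN) return -1;          /* header incomplete */
    uint32_t declared = be32(in + 4);
    if (declared < HDR_LEN) return -1;        /* read length would go negative */
    size_t payload = declared - HDR_LEN;
    if (payload > out_cap) return -1;         /* larger than the buffer */
    if (payload > in_len - HDR_LEN) return -1; /* more than was received */
    memcpy(out, in + HDR_LEN, payload);
    return (int)payload;
}

int main(void)
{
    /* Constructed sample chunks, not captured traffic. */
    const uint8_t ok[]    = {'T','A','G','1', 0,0,0,12, 'd','a','t','a'};
    const uint8_t small[] = {'T','A','G','1', 0,0,0,4};
    const uint8_t big[]   = {'T','A','G','1', 0,0,1,0, 'x'};
    uint8_t buf[BUF_SIZE];
    printf("wrapped length: %u\n", naive_read_len(4));
    printf("ok=%d\n", read_chunk_checked(ok, sizeof ok, buf, sizeof buf));
    printf("small=%d\n", read_chunk_checked(small, sizeof small, buf, sizeof buf));
    printf("big=%d\n", read_chunk_checked(big, sizeof big, buf, sizeof buf));
    return 0;
}
```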



_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300
http://xinehq.de/index.php/security/XSA-2004-6
http://xinehq.de/index.php/security/XSA-2004-7
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com