French Security Incident Response Team

Mandriva Security Update Fixes Xine-lib Buffer Overflow Vulnerabilities


Title : Mandriva Security Update Fixes Xine-lib Buffer Overflow Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-0243
CVE ID : CVE-2008-0225 - CVE-2008-0238
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-23

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
0425cb3f41748d28153cce1ccb12dea3 2007.1/i586/libxine1-1.1.4-6.4mdv2007.1.i586.rpm
a52282954feb98515dda02bf0d12824c 2007.1/i586/libxine1-devel-1.1.4-6.4mdv2007.1.i586.rpm
ae5cb1f5ed8edcad70c1a2959ae5b792 2007.1/i586/xine-aa-1.1.4-6.4mdv2007.1.i586.rpm
dad128f433aad362b0caef2b0e1611ab 2007.1/i586/xine-arts-1.1.4-6.4mdv2007.1.i586.rpm
a612268c4d7abe207a26e056625940e0 2007.1/i586/xine-caca-1.1.4-6.4mdv2007.1.i586.rpm
9b80f2cec010dd4a35273d809990434d 2007.1/i586/xine-dxr3-1.1.4-6.4mdv2007.1.i586.rpm
0ac7b2249890f120e74a99dc41c01ac9 2007.1/i586/xine-esd-1.1.4-6.4mdv2007.1.i586.rpm
483162a8549d0538da374d7248181c2d 2007.1/i586/xine-flac-1.1.4-6.4mdv2007.1.i586.rpm
32d1831d72330bbe9912d29187996558 2007.1/i586/xine-gnomevfs-1.1.4-6.4mdv2007.1.i586.rpm
0f72fb4106db4754f00c7bff05caed51 2007.1/i586/xine-image-1.1.4-6.4mdv2007.1.i586.rpm
2921a034e5f262c44338424e2d47d1ae 2007.1/i586/xine-jack-1.1.4-6.4mdv2007.1.i586.rpm
834c09f6c31e75e8b95b6739d9c71f1b 2007.1/i586/xine-plugins-1.1.4-6.4mdv2007.1.i586.rpm
399151a0f4fa108db7d36fb00daf9ec2 2007.1/i586/xine-pulse-1.1.4-6.4mdv2007.1.i586.rpm
c89083751fdf9c05cc47faeea581de6d 2007.1/i586/xine-sdl-1.1.4-6.4mdv2007.1.i586.rpm
0a06dfc5a64ec3bdfd8374640d87b1cf 2007.1/i586/xine-smb-1.1.4-6.4mdv2007.1.i586.rpm
80b87916c772a9b7f960a7c091561a61 2007.1/SRPMS/xine-lib-1.1.4-6.4mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
114aa8a5fabe21a77ad2c373882d2bcc 2007.1/x86_64/lib64xine1-1.1.4-6.4mdv2007.1.x86_64.rpm
517955bedb1bf7f7331b2c347176e51b 2007.1/x86_64/lib64xine1-devel-1.1.4-6.4mdv2007.1.x86_64.rpm
9c4eac581fec386b37dc40d91a67b97f 2007.1/x86_64/xine-aa-1.1.4-6.4mdv2007.1.x86_64.rpm
4badbf05f0479a7ad7c8bf6b418a4a3e 2007.1/x86_64/xine-arts-1.1.4-6.4mdv2007.1.x86_64.rpm
38c0674c9177ce623c94ad186b678833 2007.1/x86_64/xine-caca-1.1.4-6.4mdv2007.1.x86_64.rpm
510cff5d0631a5f3786309b8d8b67f94 2007.1/x86_64/xine-dxr3-1.1.4-6.4mdv2007.1.x86_64.rpm
679c966a211a82ee2c37316e415822ad 2007.1/x86_64/xine-esd-1.1.4-6.4mdv2007.1.x86_64.rpm
2be3f89b1b785f80f8c52c9a3cd37870 2007.1/x86_64/xine-flac-1.1.4-6.4mdv2007.1.x86_64.rpm
a31ca7b52d73f4eff789da480aa34468 2007.1/x86_64/xine-gnomevfs-1.1.4-6.4mdv2007.1.x86_64.rpm
6fd513da3d06beaeb92773503d5be8e9 2007.1/x86_64/xine-image-1.1.4-6.4mdv2007.1.x86_64.rpm
cd8ab4bd74ac79cf834df9a3fc47a461 2007.1/x86_64/xine-jack-1.1.4-6.4mdv2007.1.x86_64.rpm
558285bf5c75356cee16a27ec39673a4 2007.1/x86_64/xine-plugins-1.1.4-6.4mdv2007.1.x86_64.rpm
3acbd43c49616d623ac428897718ed1a 2007.1/x86_64/xine-pulse-1.1.4-6.4mdv2007.1.x86_64.rpm
41a557e9f2bca3ee704839aa09b7e258 2007.1/x86_64/xine-sdl-1.1.4-6.4mdv2007.1.x86_64.rpm
2e10a1e2e9a78c5f8e91100faea96a6c 2007.1/x86_64/xine-smb-1.1.4-6.4mdv2007.1.x86_64.rpm
80b87916c772a9b7f960a7c091561a61 2007.1/SRPMS/xine-lib-1.1.4-6.4mdv2007.1.src.rpm

Mandriva Linux 2008.0:
b8ddd27f6bccd9536a424a745807ba20 2008.0/i586/libxine-devel-1.1.8-4.2mdv2008.0.i586.rpm
37542d747bb7e2affe94a01e8126177d 2008.0/i586/libxine1-1.1.8-4.2mdv2008.0.i586.rpm
5f61e5940289928b29e12700685bacb4 2008.0/i586/xine-aa-1.1.8-4.2mdv2008.0.i586.rpm
6c909003ae673741e6182b87872818ce 2008.0/i586/xine-caca-1.1.8-4.2mdv2008.0.i586.rpm
16ca047ed41868bb42721a901d19d76c 2008.0/i586/xine-dxr3-1.1.8-4.2mdv2008.0.i586.rpm
8900b1680fb7acba255289457cc340e8 2008.0/i586/xine-esd-1.1.8-4.2mdv2008.0.i586.rpm
f3f9c4dca23d10e5f69cfaf43eb108df 2008.0/i586/xine-flac-1.1.8-4.2mdv2008.0.i586.rpm
6d5ca2b59114daec96dbb9099c54a072 2008.0/i586/xine-gnomevfs-1.1.8-4.2mdv2008.0.i586.rpm
3a6704452c5525bd439e10be58377c73 2008.0/i586/xine-image-1.1.8-4.2mdv2008.0.i586.rpm
31ec514af2f9882106a3b63d77e71fbe 2008.0/i586/xine-jack-1.1.8-4.2mdv2008.0.i586.rpm
c2e2126c0a20d412bef4cd7da32b1397 2008.0/i586/xine-plugins-1.1.8-4.2mdv2008.0.i586.rpm
210aadbad67bf76cc13713da2a1040a5 2008.0/i586/xine-pulse-1.1.8-4.2mdv2008.0.i586.rpm
263c4a276310d933291a8ed514e9d6db 2008.0/i586/xine-sdl-1.1.8-4.2mdv2008.0.i586.rpm
1a89980df7aa1a78e75ee2133ea69b0f 2008.0/i586/xine-smb-1.1.8-4.2mdv2008.0.i586.rpm
993efeefd9eb64b9e667b057e4392052 2008.0/SRPMS/xine-lib-1.1.8-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
f1399c157c7d436c73acd08ddd9081e0 2008.0/x86_64/lib64xine-devel-1.1.8-4.2mdv2008.0.x86_64.rpm
9c60468f8fcc3b07122c5e96093e2b2c 2008.0/x86_64/lib64xine1-1.1.8-4.2mdv2008.0.x86_64.rpm
333295378a58a2fdb0ad2a2129d29155 2008.0/x86_64/xine-aa-1.1.8-4.2mdv2008.0.x86_64.rpm
df2ff1b09fbd75155bbc057fc9b4f073 2008.0/x86_64/xine-caca-1.1.8-4.2mdv2008.0.x86_64.rpm
0f55f58c1d50a87b6412d70ee0708a0e 2008.0/x86_64/xine-dxr3-1.1.8-4.2mdv2008.0.x86_64.rpm
4efc7d9ec4650984939797ba0862fa57 2008.0/x86_64/xine-esd-1.1.8-4.2mdv2008.0.x86_64.rpm
19497ba3ee828ae5faf6d7c192546434 2008.0/x86_64/xine-flac-1.1.8-4.2mdv2008.0.x86_64.rpm
704a84ca69404e89fe4a2906a8b4011b 2008.0/x86_64/xine-gnomevfs-1.1.8-4.2mdv2008.0.x86_64.rpm
33c2c9e2e33d2d040548fb0489854c03 2008.0/x86_64/xine-image-1.1.8-4.2mdv2008.0.x86_64.rpm
24bf8f274488f1cd816ae355b16db60b 2008.0/x86_64/xine-jack-1.1.8-4.2mdv2008.0.x86_64.rpm
23cc75280d9b3fd8525fee860b845140 2008.0/x86_64/xine-plugins-1.1.8-4.2mdv2008.0.x86_64.rpm
3027b28ad28e79dd29c811236e40013f 2008.0/x86_64/xine-pulse-1.1.8-4.2mdv2008.0.x86_64.rpm
158a3f1d31545d014d6b5e2ea49bf421 2008.0/x86_64/xine-sdl-1.1.8-4.2mdv2008.0.x86_64.rpm
0648b9b8c2de3e539e22025d162b4139 2008.0/x86_64/xine-smb-1.1.8-4.2mdv2008.0.x86_64.rpm
993efeefd9eb64b9e667b057e4392052 2008.0/SRPMS/xine-lib-1.1.8-4.2mdv2008.0.src.rpm

Corporate 3.0:
038d738b78fb810f3cf6cacfaaaa9d8a corporate/3.0/i586/libxine1-1-0.rc3.6.17.C30mdk.i586.rpm
48aedd6efe7650fdc8aa2dfd5f705c99 corporate/3.0/i586/libxine1-devel-1-0.rc3.6.17.C30mdk.i586.rpm
05fc9c5d9e2a82136fc8e1f258dd9983 corporate/3.0/i586/xine-aa-1-0.rc3.6.17.C30mdk.i586.rpm
2b3e1590d5f0f9e7ac8492b7882a1fdb corporate/3.0/i586/xine-arts-1-0.rc3.6.17.C30mdk.i586.rpm
40f43c041a7342eb18704551c9f5b06b corporate/3.0/i586/xine-dxr3-1-0.rc3.6.17.C30mdk.i586.rpm
a76ea3ff7d3012879f679d39956958a6 corporate/3.0/i586/xine-esd-1-0.rc3.6.17.C30mdk.i586.rpm
1ef5808de5c84338d6832bbff07fbd04 corporate/3.0/i586/xine-flac-1-0.rc3.6.17.C30mdk.i586.rpm
f066f57c4abc76e93bc53cc33ed752cc corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.17.C30mdk.i586.rpm
682b7b6c2aa9fed83b84b6148e4451a5 corporate/3.0/i586/xine-plugins-1-0.rc3.6.17.C30mdk.i586.rpm
d81ea6135561f0b73aea2f371b35ab77 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.17.C30mdk.src.rpm

Corporate 3.0/X86_64:
a2dbfda340b2a104d4fd0b597bbf29bb corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.17.C30mdk.x86_64.rpm
49e79c27f972696493e02b85041be88d corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.17.C30mdk.x86_64.rpm
dd4a10f43839eab85ab313f6f99799f2 corporate/3.0/x86_64/xine-aa-1-0.rc3.6.17.C30mdk.x86_64.rpm
29a789608c6cd64ee5757bc34fe6ceb3 corporate/3.0/x86_64/xine-arts-1-0.rc3.6.17.C30mdk.x86_64.rpm
1d24fe2cd77fd5af013127cdad877da6 corporate/3.0/x86_64/xine-esd-1-0.rc3.6.17.C30mdk.x86_64.rpm
a5c1dbe1c1d19a31ca43ad21e5f016a4 corporate/3.0/x86_64/xine-flac-1-0.rc3.6.17.C30mdk.x86_64.rpm
a304d6f1e0f18d0417bd8c767ebebee9 corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.17.C30mdk.x86_64.rpm
4de2d9860ba8d53f5356f7f089cfb163 corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.17.C30mdk.x86_64.rpm
d81ea6135561f0b73aea2f371b35ab77 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.17.C30mdk.src.rpm

ChangeLog

2008-01-23 : Initial release

Copyright 2003-2008 © FrSIRT.COM