|
|
>> Mandriva Security Update Fixes Xine-lib Buffer Overflow Vulnerability
|
Title : Mandriva Security Update Fixes Xine-lib Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2897
CVE ID : CVE-2005-4048
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-15
|
Mandriva has released updated packages to address a vulnerability identified in Xine-lib. This flaw is due to a buffer overflow error in the "avcodec_default_get_buffer()" [utils.c] function of FFmpeg libavcodec that does not properly handle specially crafted "png" files, which could be exploited by remote attackers to execute arbitrary commands via a malicious image. For additional information, see : VUPEN/ADV-2005-2770
Affected Products
Mandriva Linux 2006.0
Corporate 3.0
Solution
Upgrade the affected packages :
Mandriva Linux 2006.0:
106bddc3b9cb60714c00c9ca0709f24f 2006.0/RPMS/libxine1-1.1.0-9.2.20060mdk.i586.rpm
080965d48571a7c6a21f5509b9edc6bb 2006.0/RPMS/libxine1-devel-1.1.0-9.2.20060mdk.i586.rpm
1b5cab0dea7da6a896f076f40057b04f 2006.0/RPMS/xine-aa-1.1.0-9.2.20060mdk.i586.rpm
749413958bae867d0e401cf3fb7ad2d4 2006.0/RPMS/xine-arts-1.1.0-9.2.20060mdk.i586.rpm
6dacf41d2ebea975675eeec3daaa5ed2 2006.0/RPMS/xine-dxr3-1.1.0-9.2.20060mdk.i586.rpm
1c0a5a698ffd77dac839cdd70e3a568b 2006.0/RPMS/xine-esd-1.1.0-9.2.20060mdk.i586.rpm
ce3a5ecb960a91faafd6376eb1d79bfb 2006.0/RPMS/xine-flac-1.1.0-9.2.20060mdk.i586.rpm
cff6a28e36785bb64f5cde6911d03a49 2006.0/RPMS/xine-gnomevfs-1.1.0-9.2.20060mdk.i586.rpm
8cffb6762d014113bdcb78f3b7c682f9 2006.0/RPMS/xine-image-1.1.0-9.2.20060mdk.i586.rpm
22a248a5660f5098dcbd0731a92ba7e0 2006.0/RPMS/xine-plugins-1.1.0-9.2.20060mdk.i586.rpm
4a3ce0b28a549de15f9668f0236bf50c 2006.0/RPMS/xine-polyp-1.1.0-9.2.20060mdk.i586.rpm
f5f118f2bbfb1bdd4f9a940450050e53 2006.0/RPMS/xine-smb-1.1.0-9.2.20060mdk.i586.rpm
424b1913ecb7aa0f96b19c71500f65a3 2006.0/SRPMS/xine-lib-1.1.0-9.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
913f831f85eb7cce65d79c46febb1973 x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.2.20060mdk.x86_64.rpm
cb5cbf9e7e5e3d47818ef3fc6702b04b x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.2.20060mdk.x86_64.rpm
1559fb1a68019ed74047b602f14c0cc9 x86_64/2006.0/RPMS/xine-aa-1.1.0-9.2.20060mdk.x86_64.rpm
931aec226e6266e10963d68e12cc3546 x86_64/2006.0/RPMS/xine-arts-1.1.0-9.2.20060mdk.x86_64.rpm
966f1ef51f097657718d45e7611c64d8 x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.2.20060mdk.x86_64.rpm
62bce4ff948e301e81ff228925dc96af x86_64/2006.0/RPMS/xine-esd-1.1.0-9.2.20060mdk.x86_64.rpm
c9b162cfd51ab3877711245d14af4e1c x86_64/2006.0/RPMS/xine-flac-1.1.0-9.2.20060mdk.x86_64.rpm
ffacd2cef4e3c181b12f663b19e7bda7 x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.2.20060mdk.x86_64.rpm
199ca828d6e3314b67330c32d45cc4a3 x86_64/2006.0/RPMS/xine-image-1.1.0-9.2.20060mdk.x86_64.rpm
81cb882870abf57921c96a66edf5185e x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.2.20060mdk.x86_64.rpm
74a37edf5d9b2cb28a2ce758904b113b x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.2.20060mdk.x86_64.rpm
f930bcfa573f7c250f54c48564e943e1 x86_64/2006.0/RPMS/xine-smb-1.1.0-9.2.20060mdk.x86_64.rpm
424b1913ecb7aa0f96b19c71500f65a3 x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.2.20060mdk.src.rpm
Corporate 3.0:
eb66ad363e7225f165cdbd67f6e26065 corporate/3.0/RPMS/libxine1-1-0.rc3.6.7.C30mdk.i586.rpm
6c89df1070e6b26f35d75a48cb7405ad corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.7.C30mdk.i586.rpm
6e583c278819c349670a5a305fff766c corporate/3.0/RPMS/xine-aa-1-0.rc3.6.7.C30mdk.i586.rpm
e77f19f13166e42fd3df09fd9b9eba15 corporate/3.0/RPMS/xine-arts-1-0.rc3.6.7.C30mdk.i586.rpm
89d7298da642be02345cdf98d33daf00 corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.7.C30mdk.i586.rpm
1947fd6e09255382a3c797b81ba41200 corporate/3.0/RPMS/xine-esd-1-0.rc3.6.7.C30mdk.i586.rpm
c39de7583826f7987a96f392daaad4ea corporate/3.0/RPMS/xine-flac-1-0.rc3.6.7.C30mdk.i586.rpm
9eb882a4d1925a5e75de338294d5fee3 corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.7.C30mdk.i586.rpm
be189966eee8bb042e3066c9d96f0b4f corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.7.C30mdk.i586.rpm
cf0248a3252c55af1e15b01efae50298 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
833c0e0f8468d4df40e300c0a72ac1cb x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.7.C30mdk.x86_64.rpm
7a802e66ab344aa9b151679d669b0620 x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.7.C30mdk.x86_64.rpm
18132113599b1330359a045d11410d5d x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.7.C30mdk.x86_64.rpm
94beaa6edc2fd1be6badef18d818dc0c x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.7.C30mdk.x86_64.rpm
cf0248a3252c55af1e15b01efae50298 x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.7.C30mdk.src.rpm
References
http://www.vupen.com/english/advisories/2005/2897
http://www.frsirt.com/english/reference/2533
ChangeLog
2005-12-15 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
