Package name
xine-lib
Date
2008-06-26
Advisory ID
MDVSA-2008:124
Affected versions
2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code
with the privileges of the application calling the Speex library
(CVE-2008-1686).

Xine-lib is similarly affected by this issue.

As well, the previous version of xine as provided in Mandriva Linux
2008.1 would crash when playing matroska files, and a regression was
introduced that prevented Amarok from playing m4a files.

The updated packages have been patched to correct this issue.

Updated packages

2008.1 i586

 eeb22b316f3d0bdd9955b5a2ca0c2b03  2008.1/i586/libxine1-1.1.11.1-4.1mdv2008.1.i586.rpm
 69c0fbda734b369c97681226b81e2222  2008.1/i586/libxine-devel-1.1.11.1-4.1mdv2008.1.i586.rpm
 11bb713825922a33db78225abc311aac  2008.1/i586/xine-aa-1.1.11.1-4.1mdv2008.1.i586.rpm
 aaee08af70d438550e402189d0234cec  2008.1/i586/xine-caca-1.1.11.1-4.1mdv2008.1.i586.rpm
 c803ac9dc7d0cf116bc10c5f14b8ed2e  2008.1/i586/xine-dxr3-1.1.11.1-4.1mdv2008.1.i586.rpm
 e3c997f1133f1771135e547555e1ca59  2008.1/i586/xine-esd-1.1.11.1-4.1mdv2008.1.i586.rpm
 ce3a12266a4f02ce88cc722e4a1d6b37  2008.1/i586/xine-flac-1.1.11.1-4.1mdv2008.1.i586.rpm
 2e8612901990c5cd3fcb914c4acef7ec  2008.1/i586/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.i586.rpm
 dc3cd131c7b7f78bc30b59fe8c16644f  2008.1/i586/xine-image-1.1.11.1-4.1mdv2008.1.i586.rpm
 22535a08aabcd7b2966d19d06c6e902f  2008.1/i586/xine-jack-1.1.11.1-4.1mdv2008.1.i586.rpm
 eb17455995a3d8c43ff5ce8f33874f5a  2008.1/i586/xine-plugins-1.1.11.1-4.1mdv2008.1.i586.rpm
 3cf5abf164c2eb4669d693bc8045e0eb  2008.1/i586/xine-pulse-1.1.11.1-4.1mdv2008.1.i586.rpm
 2a2cb49ab2e45a345ee21742f151e58f  2008.1/i586/xine-sdl-1.1.11.1-4.1mdv2008.1.i586.rpm
 14928bb6d625aa65130be890b27745e0  2008.1/i586/xine-smb-1.1.11.1-4.1mdv2008.1.i586.rpm
 943a02cdd396ac7645622dff0eeec140  2008.1/i586/xine-wavpack-1.1.11.1-4.1mdv2008.1.i586.rpm 
 c0d83761ba92778f6dbc87e581119a71  2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm

2008.1 x86_64

 d1ac37f198a848d49cda7880dcc23102  2008.1/x86_64/lib64xine1-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 ea6903d6592b1d5922a102a93ca6ea99  2008.1/x86_64/lib64xine-devel-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 9e90e2ad00a78832bd578fc15f9f8b13  2008.1/x86_64/xine-aa-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 6ae941e81d86abf75b39d7006dc9734d  2008.1/x86_64/xine-caca-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 a59961f56512404d607efacffa5793c4  2008.1/x86_64/xine-dxr3-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 01f42963ea50d644e7351790b8a24b94  2008.1/x86_64/xine-esd-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 d7c790f3019049aaf14714f38b3d81ac  2008.1/x86_64/xine-flac-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 2c12d76b5848845ad4de5c1bdf7a32ad  2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 628ae9d2ac10eaf6d3b02dd0ba2abcae  2008.1/x86_64/xine-image-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 c008ce2ab72809ab87d93c23deb4d195  2008.1/x86_64/xine-jack-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 559544de22e927b9d28d244b029e0d54  2008.1/x86_64/xine-plugins-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 24b4fe41ecaf1f4d91ecbce88ab61b67  2008.1/x86_64/xine-pulse-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 64ba32889ddf4c0c9664d49b06efe607  2008.1/x86_64/xine-sdl-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 8867bb990ec77a42ea20886d3500d94d  2008.1/x86_64/xine-smb-1.1.11.1-4.1mdv2008.1.x86_64.rpm
 b10ee4d5faa7e8379d0d9cb6d02c74f1  2008.1/x86_64/xine-wavpack-1.1.11.1-4.1mdv2008.1.x86_64.rpm 
 c0d83761ba92778f6dbc87e581119a71  2008.1/SRPMS/xine-lib-1.1.11.1-4.1mdv2008.1.src.rpm

2008.0 i586

 ad845d6dc3353c1ca97f5aa95d992ff1  2008.0/i586/libxine1-1.1.8-4.6mdv2008.0.i586.rpm
 ae9a07c197291e8a274a276946c5b757  2008.0/i586/libxine-devel-1.1.8-4.6mdv2008.0.i586.rpm
 b9b9ce8553746b0628b4183ea2ce4b6d  2008.0/i586/xine-aa-1.1.8-4.6mdv2008.0.i586.rpm
 17c32afdfbde86f0f31097f984177d65  2008.0/i586/xine-caca-1.1.8-4.6mdv2008.0.i586.rpm
 fbd3c46574aa4ffbe8cb406c4dc88417  2008.0/i586/xine-dxr3-1.1.8-4.6mdv2008.0.i586.rpm
 f9d4d16bb9f172cf493b739bb454e9df  2008.0/i586/xine-esd-1.1.8-4.6mdv2008.0.i586.rpm
 558accfe2cc33255ccad98d6a8441064  2008.0/i586/xine-flac-1.1.8-4.6mdv2008.0.i586.rpm
 264cc6cdbce7b1f6c83e343c187cb509  2008.0/i586/xine-gnomevfs-1.1.8-4.6mdv2008.0.i586.rpm
 2aed56b1bbd7a6c3354fe75f53b4f3e2  2008.0/i586/xine-image-1.1.8-4.6mdv2008.0.i586.rpm
 e05266e2becad52ebda0cb8c02ae13b3  2008.0/i586/xine-jack-1.1.8-4.6mdv2008.0.i586.rpm
 016e9b18b74eed89bf2f200e7174b3cb  2008.0/i586/xine-plugins-1.1.8-4.6mdv2008.0.i586.rpm
 b3346291b6428d1add2fa62055cd492a  2008.0/i586/xine-pulse-1.1.8-4.6mdv2008.0.i586.rpm
 12346f664080c9cf162f235de7f91ad4  2008.0/i586/xine-sdl-1.1.8-4.6mdv2008.0.i586.rpm
 36965664cca748ae612cc6d178122ae8  2008.0/i586/xine-smb-1.1.8-4.6mdv2008.0.i586.rpm 
 ac597fd40a0b449cd4f1692ccb759572  2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm

2008.0 x86_64

 b1cb0d0f17d17c4c82040f8688019578  2008.0/x86_64/lib64xine1-1.1.8-4.6mdv2008.0.x86_64.rpm
 ea2ea3354c51cb308334b5ba29e23a18  2008.0/x86_64/lib64xine-devel-1.1.8-4.6mdv2008.0.x86_64.rpm
 624b0ccb940a022fd4aeda527df52bf5  2008.0/x86_64/xine-aa-1.1.8-4.6mdv2008.0.x86_64.rpm
 c50654970f441adf19bb3df7b63552a9  2008.0/x86_64/xine-caca-1.1.8-4.6mdv2008.0.x86_64.rpm
 1dc6495f61075962070fa17686ab4672  2008.0/x86_64/xine-dxr3-1.1.8-4.6mdv2008.0.x86_64.rpm
 90f792c06169cb9856a4fc5ff3755107  2008.0/x86_64/xine-esd-1.1.8-4.6mdv2008.0.x86_64.rpm
 00caa1c8cfd859ced79bd4917306aa5f  2008.0/x86_64/xine-flac-1.1.8-4.6mdv2008.0.x86_64.rpm
 5c03fc3b2167d7a10d6fbb63011bfb76  2008.0/x86_64/xine-gnomevfs-1.1.8-4.6mdv2008.0.x86_64.rpm
 df2406c34d7d157d3eaaa644b07833c1  2008.0/x86_64/xine-image-1.1.8-4.6mdv2008.0.x86_64.rpm
 76983bf74762c4bd66f849823ac2f553  2008.0/x86_64/xine-jack-1.1.8-4.6mdv2008.0.x86_64.rpm
 dd31feadafd83e1f454627064ebca047  2008.0/x86_64/xine-plugins-1.1.8-4.6mdv2008.0.x86_64.rpm
 458aeeac225e2c46dcda2a7f5e74701a  2008.0/x86_64/xine-pulse-1.1.8-4.6mdv2008.0.x86_64.rpm
 fac50b5c5b9de0862c01344e7a6c0be6  2008.0/x86_64/xine-sdl-1.1.8-4.6mdv2008.0.x86_64.rpm
 bf1935546d1de8e7df0c05076a1605bd  2008.0/x86_64/xine-smb-1.1.8-4.6mdv2008.0.x86_64.rpm 
 ac597fd40a0b449cd4f1692ccb759572  2008.0/SRPMS/xine-lib-1.1.8-4.6mdv2008.0.src.rpm

References