Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2008:177

Package name: xine-lib
Date: 2008-08-20
Advisory ID: MDVSA-2008:177
Affected versions: 2008.1 x86_64 , 2008.1 i586

Problem description

Guido Landi found A stack-based buffer overflow in xine-lib
that could allow a remote attacker to cause a denial of service
(crash) and potentially execute arbitrary code via a long NSF title
(CVE-2008-1878).

The updated packages have been patched to correct this issue.

Updated packages

2008.1 x86_64

 a9ff3e2ff6df1a32a53f5c18d4f0385a  2008.1/x86_64/lib64xine1-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 87c32e02d5cd1fb408e934a2dc3007ba  2008.1/x86_64/lib64xine-devel-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 59375c9ce1868bb410b03851d6798718  2008.1/x86_64/xine-aa-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 f45bcfce4d66d8a2b683371dd7030e37  2008.1/x86_64/xine-caca-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 4775483c71308e162ef87b99ac303d90  2008.1/x86_64/xine-dxr3-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 bdb716d2e1bd7477a78cba9725b93b90  2008.1/x86_64/xine-esd-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 5bfe733f4a30232c91c573238fc3beb2  2008.1/x86_64/xine-flac-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 7ac3d2c4b723f5e72727d8719d50b35c  2008.1/x86_64/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 401c5dbc008597aa06774b3eeb02e57d  2008.1/x86_64/xine-image-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 2957efe6941036a9f97621068587614f  2008.1/x86_64/xine-jack-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 acdba1ff341e79ce14b31aeecfb5d573  2008.1/x86_64/xine-plugins-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 0b5a46d078f22d304e413e7772992903  2008.1/x86_64/xine-pulse-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 312ef813d09a5dfd7456e9a3a500fc06  2008.1/x86_64/xine-sdl-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 ad61d3fd3e66e92f18464e5622cba4c3  2008.1/x86_64/xine-smb-1.1.11.1-4.2mdv2008.1.x86_64.rpm
 74380a1f6f47ae4ba8f88031b39304a5  2008.1/x86_64/xine-wavpack-1.1.11.1-4.2mdv2008.1.x86_64.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm

2008.1 i586

 10db71c6a43508d36ba8d93f290f72d6  2008.1/i586/libxine1-1.1.11.1-4.2mdv2008.1.i586.rpm
 106e82cbd1e2ed40f533fe6d28f2ccfb  2008.1/i586/libxine-devel-1.1.11.1-4.2mdv2008.1.i586.rpm
 80f94cbfc8be99ea04de884066a5b95e  2008.1/i586/xine-aa-1.1.11.1-4.2mdv2008.1.i586.rpm
 9d42258f0e3ae0128d054ae53805cbd8  2008.1/i586/xine-caca-1.1.11.1-4.2mdv2008.1.i586.rpm
 31d7177e7ae1b81e89fc28811ba4567e  2008.1/i586/xine-dxr3-1.1.11.1-4.2mdv2008.1.i586.rpm
 b0a98953adc702b1921135412ad603cd  2008.1/i586/xine-esd-1.1.11.1-4.2mdv2008.1.i586.rpm
 086ee1475478bd3e64a3dc4b9f677dcd  2008.1/i586/xine-flac-1.1.11.1-4.2mdv2008.1.i586.rpm
 43e7881b465be3ed1df25247af758692  2008.1/i586/xine-gnomevfs-1.1.11.1-4.2mdv2008.1.i586.rpm
 e07999dc5149e38ed39a778e46298523  2008.1/i586/xine-image-1.1.11.1-4.2mdv2008.1.i586.rpm
 fdc64b384993234582716d49beadd3e0  2008.1/i586/xine-jack-1.1.11.1-4.2mdv2008.1.i586.rpm
 6ec501e08df57145bcf1eeb4730f43dd  2008.1/i586/xine-plugins-1.1.11.1-4.2mdv2008.1.i586.rpm
 6d0a6630688d65cad364fb4b60449867  2008.1/i586/xine-pulse-1.1.11.1-4.2mdv2008.1.i586.rpm
 cb42e25b94a5c6bbf640878cedef4ab1  2008.1/i586/xine-sdl-1.1.11.1-4.2mdv2008.1.i586.rpm
 61dc627d3b187ba4cf0281b956b7fa56  2008.1/i586/xine-smb-1.1.11.1-4.2mdv2008.1.i586.rpm
 b032fa9c5083bcc6130b550983efb024  2008.1/i586/xine-wavpack-1.1.11.1-4.2mdv2008.1.i586.rpm 
 b8c89ebf6906c01d471205934bcdcfd3  2008.1/SRPMS/xine-lib-1.1.11.1-4.2mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878