Nom du paquet
xine-lib
Date
2008-01-22
Advisory ID
MDVSA-2008:020
Affected versions
2007.1 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2007.1 x86_64

Problem description

Two vulnerabilities discovered in xine-lib allow remote execution of
arbitrary code:

Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
attackers to execute arbitrary code via the SDP Abstract attribute,
related to the rmff_dump_header function and related to disregarding
the max field. (CVE-2008-0225)

Multiple heap-based buffer overflows in the rmff_dump_cont function
in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers
to execute arbitrary code via the SDP (1) Title, (2) Author, or
(3) Copyright attribute, related to the rmff_dump_header function,
different vectors than CVE-2008-0225. (CVE-2008-0238)

Besides those security issues, the xine-lib provided in Mandriva
Linux 2008.0 and 2007.1 did not automatically use Real binary
codecs, when the user had them installed in /usr/lib64/real
on x86_64 architecture. Also, xine-lib of Mandriva Linux
2007.1 did not automatically use the Real codecs from
/usr/lib/RealPlayer10GOLD/codecs, which is provided by RealPlayer
package of Mandriva Powerpack editions.

The updated packages fix these issues.

Updated packages

2007.1 i586

 0425cb3f41748d28153cce1ccb12dea3  2007.1/i586/libxine1-1.1.4-6.4mdv2007.1.i586.rpm
 a52282954feb98515dda02bf0d12824c  2007.1/i586/libxine1-devel-1.1.4-6.4mdv2007.1.i586.rpm
 ae5cb1f5ed8edcad70c1a2959ae5b792  2007.1/i586/xine-aa-1.1.4-6.4mdv2007.1.i586.rpm
 dad128f433aad362b0caef2b0e1611ab  2007.1/i586/xine-arts-1.1.4-6.4mdv2007.1.i586.rpm
 a612268c4d7abe207a26e056625940e0  2007.1/i586/xine-caca-1.1.4-6.4mdv2007.1.i586.rpm
 9b80f2cec010dd4a35273d809990434d  2007.1/i586/xine-dxr3-1.1.4-6.4mdv2007.1.i586.rpm
 0ac7b2249890f120e74a99dc41c01ac9  2007.1/i586/xine-esd-1.1.4-6.4mdv2007.1.i586.rpm
 483162a8549d0538da374d7248181c2d  2007.1/i586/xine-flac-1.1.4-6.4mdv2007.1.i586.rpm
 32d1831d72330bbe9912d29187996558  2007.1/i586/xine-gnomevfs-1.1.4-6.4mdv2007.1.i586.rpm
 0f72fb4106db4754f00c7bff05caed51  2007.1/i586/xine-image-1.1.4-6.4mdv2007.1.i586.rpm
 2921a034e5f262c44338424e2d47d1ae  2007.1/i586/xine-jack-1.1.4-6.4mdv2007.1.i586.rpm
 834c09f6c31e75e8b95b6739d9c71f1b  2007.1/i586/xine-plugins-1.1.4-6.4mdv2007.1.i586.rpm
 399151a0f4fa108db7d36fb00daf9ec2  2007.1/i586/xine-pulse-1.1.4-6.4mdv2007.1.i586.rpm
 c89083751fdf9c05cc47faeea581de6d  2007.1/i586/xine-sdl-1.1.4-6.4mdv2007.1.i586.rpm
 0a06dfc5a64ec3bdfd8374640d87b1cf  2007.1/i586/xine-smb-1.1.4-6.4mdv2007.1.i586.rpm 
 80b87916c772a9b7f960a7c091561a61  2007.1/SRPMS/xine-lib-1.1.4-6.4mdv2007.1.src.rpm

CS3.0 x86_64

 a2dbfda340b2a104d4fd0b597bbf29bb  corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.17.C30mdk.x86_64.rpm
 49e79c27f972696493e02b85041be88d  corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.17.C30mdk.x86_64.rpm
 dd4a10f43839eab85ab313f6f99799f2  corporate/3.0/x86_64/xine-aa-1-0.rc3.6.17.C30mdk.x86_64.rpm
 29a789608c6cd64ee5757bc34fe6ceb3  corporate/3.0/x86_64/xine-arts-1-0.rc3.6.17.C30mdk.x86_64.rpm
 1d24fe2cd77fd5af013127cdad877da6  corporate/3.0/x86_64/xine-esd-1-0.rc3.6.17.C30mdk.x86_64.rpm
 a5c1dbe1c1d19a31ca43ad21e5f016a4  corporate/3.0/x86_64/xine-flac-1-0.rc3.6.17.C30mdk.x86_64.rpm
 a304d6f1e0f18d0417bd8c767ebebee9  corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.17.C30mdk.x86_64.rpm
 4de2d9860ba8d53f5356f7f089cfb163  corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.17.C30mdk.x86_64.rpm 
 d81ea6135561f0b73aea2f371b35ab77  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.17.C30mdk.src.rpm

2008.0 x86_64

 f1399c157c7d436c73acd08ddd9081e0  2008.0/x86_64/lib64xine-devel-1.1.8-4.2mdv2008.0.x86_64.rpm
 9c60468f8fcc3b07122c5e96093e2b2c  2008.0/x86_64/lib64xine1-1.1.8-4.2mdv2008.0.x86_64.rpm
 333295378a58a2fdb0ad2a2129d29155  2008.0/x86_64/xine-aa-1.1.8-4.2mdv2008.0.x86_64.rpm
 df2ff1b09fbd75155bbc057fc9b4f073  2008.0/x86_64/xine-caca-1.1.8-4.2mdv2008.0.x86_64.rpm
 0f55f58c1d50a87b6412d70ee0708a0e  2008.0/x86_64/xine-dxr3-1.1.8-4.2mdv2008.0.x86_64.rpm
 4efc7d9ec4650984939797ba0862fa57  2008.0/x86_64/xine-esd-1.1.8-4.2mdv2008.0.x86_64.rpm
 19497ba3ee828ae5faf6d7c192546434  2008.0/x86_64/xine-flac-1.1.8-4.2mdv2008.0.x86_64.rpm
 704a84ca69404e89fe4a2906a8b4011b  2008.0/x86_64/xine-gnomevfs-1.1.8-4.2mdv2008.0.x86_64.rpm
 33c2c9e2e33d2d040548fb0489854c03  2008.0/x86_64/xine-image-1.1.8-4.2mdv2008.0.x86_64.rpm
 24bf8f274488f1cd816ae355b16db60b  2008.0/x86_64/xine-jack-1.1.8-4.2mdv2008.0.x86_64.rpm
 23cc75280d9b3fd8525fee860b845140  2008.0/x86_64/xine-plugins-1.1.8-4.2mdv2008.0.x86_64.rpm
 3027b28ad28e79dd29c811236e40013f  2008.0/x86_64/xine-pulse-1.1.8-4.2mdv2008.0.x86_64.rpm
 158a3f1d31545d014d6b5e2ea49bf421  2008.0/x86_64/xine-sdl-1.1.8-4.2mdv2008.0.x86_64.rpm
 0648b9b8c2de3e539e22025d162b4139  2008.0/x86_64/xine-smb-1.1.8-4.2mdv2008.0.x86_64.rpm 
 993efeefd9eb64b9e667b057e4392052  2008.0/SRPMS/xine-lib-1.1.8-4.2mdv2008.0.src.rpm

CS3.0 i586

 038d738b78fb810f3cf6cacfaaaa9d8a  corporate/3.0/i586/libxine1-1-0.rc3.6.17.C30mdk.i586.rpm
 48aedd6efe7650fdc8aa2dfd5f705c99  corporate/3.0/i586/libxine1-devel-1-0.rc3.6.17.C30mdk.i586.rpm
 05fc9c5d9e2a82136fc8e1f258dd9983  corporate/3.0/i586/xine-aa-1-0.rc3.6.17.C30mdk.i586.rpm
 2b3e1590d5f0f9e7ac8492b7882a1fdb  corporate/3.0/i586/xine-arts-1-0.rc3.6.17.C30mdk.i586.rpm
 40f43c041a7342eb18704551c9f5b06b  corporate/3.0/i586/xine-dxr3-1-0.rc3.6.17.C30mdk.i586.rpm
 a76ea3ff7d3012879f679d39956958a6  corporate/3.0/i586/xine-esd-1-0.rc3.6.17.C30mdk.i586.rpm
 1ef5808de5c84338d6832bbff07fbd04  corporate/3.0/i586/xine-flac-1-0.rc3.6.17.C30mdk.i586.rpm
 f066f57c4abc76e93bc53cc33ed752cc  corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.17.C30mdk.i586.rpm
 682b7b6c2aa9fed83b84b6148e4451a5  corporate/3.0/i586/xine-plugins-1-0.rc3.6.17.C30mdk.i586.rpm 
 d81ea6135561f0b73aea2f371b35ab77  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.17.C30mdk.src.rpm

2008.0 i586

 b8ddd27f6bccd9536a424a745807ba20  2008.0/i586/libxine-devel-1.1.8-4.2mdv2008.0.i586.rpm
 37542d747bb7e2affe94a01e8126177d  2008.0/i586/libxine1-1.1.8-4.2mdv2008.0.i586.rpm
 5f61e5940289928b29e12700685bacb4  2008.0/i586/xine-aa-1.1.8-4.2mdv2008.0.i586.rpm
 6c909003ae673741e6182b87872818ce  2008.0/i586/xine-caca-1.1.8-4.2mdv2008.0.i586.rpm
 16ca047ed41868bb42721a901d19d76c  2008.0/i586/xine-dxr3-1.1.8-4.2mdv2008.0.i586.rpm
 8900b1680fb7acba255289457cc340e8  2008.0/i586/xine-esd-1.1.8-4.2mdv2008.0.i586.rpm
 f3f9c4dca23d10e5f69cfaf43eb108df  2008.0/i586/xine-flac-1.1.8-4.2mdv2008.0.i586.rpm
 6d5ca2b59114daec96dbb9099c54a072  2008.0/i586/xine-gnomevfs-1.1.8-4.2mdv2008.0.i586.rpm
 3a6704452c5525bd439e10be58377c73  2008.0/i586/xine-image-1.1.8-4.2mdv2008.0.i586.rpm
 31ec514af2f9882106a3b63d77e71fbe  2008.0/i586/xine-jack-1.1.8-4.2mdv2008.0.i586.rpm
 c2e2126c0a20d412bef4cd7da32b1397  2008.0/i586/xine-plugins-1.1.8-4.2mdv2008.0.i586.rpm
 210aadbad67bf76cc13713da2a1040a5  2008.0/i586/xine-pulse-1.1.8-4.2mdv2008.0.i586.rpm
 263c4a276310d933291a8ed514e9d6db  2008.0/i586/xine-sdl-1.1.8-4.2mdv2008.0.i586.rpm
 1a89980df7aa1a78e75ee2133ea69b0f  2008.0/i586/xine-smb-1.1.8-4.2mdv2008.0.i586.rpm 
 993efeefd9eb64b9e667b057e4392052  2008.0/SRPMS/xine-lib-1.1.8-4.2mdv2008.0.src.rpm

2007.1 x86_64

 114aa8a5fabe21a77ad2c373882d2bcc  2007.1/x86_64/lib64xine1-1.1.4-6.4mdv2007.1.x86_64.rpm
 517955bedb1bf7f7331b2c347176e51b  2007.1/x86_64/lib64xine1-devel-1.1.4-6.4mdv2007.1.x86_64.rpm
 9c4eac581fec386b37dc40d91a67b97f  2007.1/x86_64/xine-aa-1.1.4-6.4mdv2007.1.x86_64.rpm
 4badbf05f0479a7ad7c8bf6b418a4a3e  2007.1/x86_64/xine-arts-1.1.4-6.4mdv2007.1.x86_64.rpm
 38c0674c9177ce623c94ad186b678833  2007.1/x86_64/xine-caca-1.1.4-6.4mdv2007.1.x86_64.rpm
 510cff5d0631a5f3786309b8d8b67f94  2007.1/x86_64/xine-dxr3-1.1.4-6.4mdv2007.1.x86_64.rpm
 679c966a211a82ee2c37316e415822ad  2007.1/x86_64/xine-esd-1.1.4-6.4mdv2007.1.x86_64.rpm
 2be3f89b1b785f80f8c52c9a3cd37870  2007.1/x86_64/xine-flac-1.1.4-6.4mdv2007.1.x86_64.rpm
 a31ca7b52d73f4eff789da480aa34468  2007.1/x86_64/xine-gnomevfs-1.1.4-6.4mdv2007.1.x86_64.rpm
 6fd513da3d06beaeb92773503d5be8e9  2007.1/x86_64/xine-image-1.1.4-6.4mdv2007.1.x86_64.rpm
 cd8ab4bd74ac79cf834df9a3fc47a461  2007.1/x86_64/xine-jack-1.1.4-6.4mdv2007.1.x86_64.rpm
 558285bf5c75356cee16a27ec39673a4  2007.1/x86_64/xine-plugins-1.1.4-6.4mdv2007.1.x86_64.rpm
 3acbd43c49616d623ac428897718ed1a  2007.1/x86_64/xine-pulse-1.1.4-6.4mdv2007.1.x86_64.rpm
 41a557e9f2bca3ee704839aa09b7e258  2007.1/x86_64/xine-sdl-1.1.4-6.4mdv2007.1.x86_64.rpm
 2e10a1e2e9a78c5f8e91100faea96a6c  2007.1/x86_64/xine-smb-1.1.4-6.4mdv2007.1.x86_64.rpm 
 80b87916c772a9b7f960a7c091561a61  2007.1/SRPMS/xine-lib-1.1.4-6.4mdv2007.1.src.rpm

References