Nom du paquet
xine-lib
Date
2006-06-20
Advisory ID
MDKSA-2006:108
Affected versions
2006.0 i586 , 10.2 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib
1.1.1 allows remote attackers to cause a denial of service (application
crash) via a long reply from an HTTP server, as demonstrated using gxine
0.5.6. (CVE-2006-2802)

In addition, a possible buffer overflow exists in the AVI demuxer,
similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release
of xine-lib does not have this issue.

The updated packages have been patched to correct these issues.

Updated packages

2006.0 i586

 904b1e86d75ee4bfa8281502b8d8dd60  2006.0/RPMS/libxine1-1.1.0-9.3.20060mdk.i586.rpm
 ddae938ae14b61dc19311e3b1c43c732  2006.0/RPMS/libxine1-devel-1.1.0-9.3.20060mdk.i586.rpm
 52d14f097de9909ae7fa7cb4cc079a69  2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.i586.rpm
 723156ddabd5ee3f88693e578d96e56d  2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.i586.rpm
 5f28c1bc6bf0688c6ecb260e00531846  2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.i586.rpm
 84dd3acde96126f2b6f0146a0a24dade  2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.i586.rpm
 3d216fdcc4bd0c0e768b6d779a0e1d49  2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.i586.rpm
 3a62513a70e360c38f3c82ea2d3e7310  2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.i586.rpm
 7e044bd1b04ee2531f5f5cd4fe7daad3  2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.i586.rpm
 d75c1fcc21a53f88c5abe88497968421  2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.i586.rpm
 dabedf3272f152fb60bb5a413050c7e0  2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.i586.rpm
 e1885c8818bafdd885f96eaf8c12ef7f  2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.i586.rpm
 ff8503a1b8087bc9181f07678438553d  2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm

10.2 i586

 d681a8b19b18a2dc5452e7df07e83e3f  10.2/RPMS/libxine1-1.0-8.3.102mdk.i586.rpm
 fff9e7c0837d2231a6e3b2654f383e9d  10.2/RPMS/libxine1-devel-1.0-8.3.102mdk.i586.rpm
 7e92134803618e43514f24b3709b4c55  10.2/RPMS/xine-aa-1.0-8.3.102mdk.i586.rpm
 0ced315ae520ab8530e577d80b618bf3  10.2/RPMS/xine-arts-1.0-8.3.102mdk.i586.rpm
 7e5c2fe58c56877e0b58e77c61f7a600  10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.i586.rpm
 2c16e0b8e7bb0d481f834fcf90749c66  10.2/RPMS/xine-esd-1.0-8.3.102mdk.i586.rpm
 473b446c63ea1a698f82465925161c63  10.2/RPMS/xine-flac-1.0-8.3.102mdk.i586.rpm
 07709eec2ca1e86350f966122752c175  10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.i586.rpm
 63a0d2f3244334e66e36b267100bd7b5  10.2/RPMS/xine-plugins-1.0-8.3.102mdk.i586.rpm
 17c00929f7ae10ba2c7ebe8460396c6b  10.2/RPMS/xine-polyp-1.0-8.3.102mdk.i586.rpm
 6d8bda0b35bb615d458053a5489f4e8e  10.2/RPMS/xine-smb-1.0-8.3.102mdk.i586.rpm
 5efc378a2f15f33f080d938d27100861  10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm

CS3.0 x86_64

 6b61bb4adaf12bcbf3b0a499321eaad0  x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.9.C30mdk.x86_64.rpm
 de9ab25205ea761b93a80167a580f833  x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.9.C30mdk.x86_64.rpm
 21cff9416555046fbb635597c21488ee  x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.x86_64.rpm
 ae45767a2cec62c5bd4881cfd6128679  x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.x86_64.rpm
 b936148403fc056d0c6427de93dd43e9  x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.x86_64.rpm
 077ef2b064905109f8dc9f0473fb92e2  x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.x86_64.rpm
 0524630808f7398834e8234ddcbef63e  x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.x86_64.rpm
 438c3ca4e2050d253d6d0108db150811  x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.x86_64.rpm
 d0a1c45466bb122ec7e4fb9caefa2cad  x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm

CS3.0 i586

 66d0662ba00565b4476925a9902d0f9a  corporate/3.0/RPMS/libxine1-1-0.rc3.6.9.C30mdk.i586.rpm
 2a084d80fe44d600fe0e609cde830539  corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.9.C30mdk.i586.rpm
 b57f175e35f525f6b6b753823fc325d2  corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.i586.rpm
 e0d664e3fc1a2b8d99102e24c496a272  corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.i586.rpm
 38c038ef6e7d075308c4a2611b3f584c  corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.9.C30mdk.i586.rpm
 6afecd5f975522201bec5646fbd2ae21  corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.i586.rpm
 c8895ac5be58e07ed8cd15cd81e350e6  corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.i586.rpm
 c255ed0880402fe216f217056c9672ea  corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.i586.rpm
 b61bb1c61c95522f1dd5757fa3bd4a71  corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.i586.rpm
 d0a1c45466bb122ec7e4fb9caefa2cad  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm

10.2 x86_64

 4d21ed79acf486e861842133747594ae  x86_64/10.2/RPMS/lib64xine1-1.0-8.3.102mdk.x86_64.rpm
 20132d26d3a57c55992fe580333f74fe  x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.3.102mdk.x86_64.rpm
 13bf0e99dbb3e4ec88848dfd59e6961f  x86_64/10.2/RPMS/xine-aa-1.0-8.3.102mdk.x86_64.rpm
 78cf2f4087c17f330499b5448e502865  x86_64/10.2/RPMS/xine-arts-1.0-8.3.102mdk.x86_64.rpm
 c1c17f1c4373837dff5d22b3cf2391ce  x86_64/10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.x86_64.rpm
 3aa27fd3bd5817d1fc75410dd0508aef  x86_64/10.2/RPMS/xine-esd-1.0-8.3.102mdk.x86_64.rpm
 6156eb751055ec1b6f2f6a578d7dff12  x86_64/10.2/RPMS/xine-flac-1.0-8.3.102mdk.x86_64.rpm
 0e8c7357b1ab03f5f117e4033b4e5d77  x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.x86_64.rpm
 6f9cf73474c200b3d50e48b53a3fd5f6  x86_64/10.2/RPMS/xine-plugins-1.0-8.3.102mdk.x86_64.rpm
 3a8520e98e7acdf6f30dda1b12f76664  x86_64/10.2/RPMS/xine-polyp-1.0-8.3.102mdk.x86_64.rpm
 8de73b5ea3c73607138581175e0670c1  x86_64/10.2/RPMS/xine-smb-1.0-8.3.102mdk.x86_64.rpm
 5efc378a2f15f33f080d938d27100861  x86_64/10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm

2006.0 x86_64

 bfe9c3b5b5df347001df5cfd0bb2f644  x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.3.20060mdk.x86_64.rpm
 94d8aa7a860ba4aa93f655c09ad1c366  x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.3.20060mdk.x86_64.rpm
 0a4c15b7e94af988af673273e8258328  x86_64/2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.x86_64.rpm
 299d73e1d222b28c1c2901896e2507ed  x86_64/2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.x86_64.rpm
 26add5380db72a42ef9bd67508f48dad  x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.x86_64.rpm
 51cb6ba50f28b1868691460376639a6c  x86_64/2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.x86_64.rpm
 e970668f572b7e7a62530b778b3fb493  x86_64/2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.x86_64.rpm
 f5293bf40bd328e14c1291c68237b1d8  x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.x86_64.rpm
 537a00c6c9509a99d9112440dd49e7d1  x86_64/2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.x86_64.rpm
 8b752a25e5220b0a846a44f16789b7c9  x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.x86_64.rpm
 b66deaeca87b2e72508e1ca72024f59e  x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.x86_64.rpm
 e89abe16a92fc7fa2cafc9e0ab031ac5  x86_64/2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.x86_64.rpm
 ff8503a1b8087bc9181f07678438553d  x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm

References