TITLE:
Mandriva update for xine-lib

SECUNIA ADVISORY ID:
SA20828

VERIFY ADVISORY:
http://secunia.com/advisories/20828/

CRITICAL:
Moderately critical

IMPACT:
System access, DoS

WHERE:
From remote

OPERATING SYSTEM:
Mandriva Linux 2006
http://secunia.com/product/9020/

DESCRIPTION:
Mandriva has issued an update for xine-lib. This fixes a weakness, which can be exploited by malicious people to crash certain applications on a user's system.

For more information:
SA20369

A boundary error in the AVI demuxer, which may be exploited to cause a buffer overflow, has also been reported.

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKSA-2006:108

OTHER REFERENCES:
SA20369:
http://secunia.com/advisories/20369/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.