-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-33
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date: 21 Jun 2007
Last revised: 21 Jun 2007
Package: xine-lib
Summary: Buffer overflows
More information:
The xine engine is a free media player engine. It comes in the form of a shared
library and is typically used by media player frontends and other multimedia
applications for playback of multimedia streams such as movies, radio/tv
network streams, DVDs, VCDs.
Remote attackers can cause a buffer overflow.
Impact:
The DirectShow loader and DMO_VideoDecoder_Open in MPlayer 1.0rc1, as used in
xine-lib, do not set biSize before using it in a memcpy, which allows
user-assisted remote attackers to cause a buffer overflow and possibly execute
arbitrary code.
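Added illustration (not code from xine-lib, MPlayer or Turbolinux): the C function below shows the bounds checks a stream-supplied length field such as biSize needs before it is used as a memcpy length, as described in the Impact text above. The struct layouts, names and return codes are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for the 40-byte BITMAPINFOHEADER (assumption: only
   the leading size field matters here; host byte order is assumed). */
typedef struct {
    uint32_t biSize;      /* declared header length, taken from the stream */
    uint8_t  rest[36];    /* remaining fixed fields, opaque in this example */
} bih_t;

/* Hypothetical decoder state with a fixed-size slot for the header. */
typedef struct {
    bih_t   hdr;
    uint8_t extra[16];    /* room for codec-specific trailing bytes */
} decoder_fmt_t;

enum { COPY_OK = 0, COPY_TRUNCATED = -1, COPY_BAD_SIZE = -2 };

/* Copy a stream-supplied header into dst, using biSize as the length only
   after it has been bounded by the bytes received and the destination size. */
int copy_format_checked(decoder_fmt_t *dst, const uint8_t *src, size_t src_len)
{
    uint32_t declared;

    if (src_len < sizeof(bih_t))
        return COPY_TRUNCATED;                /* not even a full fixed header */
    memcpy(&declared, src, sizeof declared);  /* avoids an unaligned read */

    if (declared < sizeof(bih_t))             /* too small to be a header */
        return COPY_BAD_SIZE;
    if (declared > src_len)                   /* would read past the input */
        return COPY_BAD_SIZE;
    if (declared > sizeof(*dst))              /* would write past the slot */
        return COPY_BAD_SIZE;

    memset(dst, 0, sizeof(*dst));             /* no stale bytes after the copy */
    memcpy(dst, src, declared);
    return COPY_OK;
}
```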
Affected Products:
- Turbolinux Wizpy
- Turbolinux FUJI
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
<wizpy>
Source Packages
Size: MD5
extrafiles-OS246-3.src.rpm
31992324 08552dba95f4bf808ed1dfbb436847e5
xine-lib-1.0.3a-7.src.rpm
7355124 e23f011b27379d3cfa1ecced3da396d8
Binary Packages
Size: MD5
extrafiles-OS246-3.i386.rpm
768345 bde22dc67fcb4bc53147245828019b2a
xine-lib-1.0.3a-7.i386.rpm
3577850 3744955594230e2ce95e238e44e44d55
xine-lib-extra-mpeg-1.0.3a-7.i386.rpm
127740 1e6b8b9ff71e01d38421828d76bfc684
xine-lib-wmf-1.0.3a-7.i386.rpm
23224 e4212550c28c8ca48e514cadb4100731
<Turbolinux FUJI>
Source Packages
Size: MD5
xine-lib-1.0.3a-7.src.rpm
7355124 26a5a94d511793801b39c5d022625e9a
Binary Packages
Size: MD5
xine-lib-1.0.3a-7.i686.rpm
3727337 fc3d8ba5b940b548f34c449bf2ee42ba
xine-lib-wmf-1.0.3a-7.i686.rpm
23442 7e66d580315952c73ac50c5d02c2586f
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/xine-lib-1rc3c-16.src.rpm
6491357 082b5ebe5a6da4f6efe51200aae16633
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-1rc3c-16.i586.rpm
3413325 183948bf8405b293a4119a60c865c74d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-devel-1rc3c-16.i586.rpm
381405 6b284b831470ea09358de03c88a48ea7
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-wmf-1rc3c-16.i586.rpm
22596 463c3765ed466484dd14dd9e93bcb10d
References:
CVE
[CVE-2007-1246]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
[CVE-2007-1387]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387
--------------------------------------------------------------------------
Revision History
21 Jun 2007 Initial release
--------------------------------------------------------------------------
Copyright(C) 2007 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGeh65K0LzjOqIJMwRAlAwAJ4nGWrrIQCrKvcOKXv05lUjULBSgQCfTxua
RBJYz1aWdzykFxA3EIGQ3YQ=
=L+xU
-----END PGP SIGNATURE-----