Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-33
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 21 Jun 2007
Last revised: 21 Jun 2007

Package: xine-lib

Summary: Buffer overflows

More information:
    The xine engine is a free media player engine. It comes in the form of a shared
    libarary and is typically used by media player frontends and other multimedia
    applications for playback of multimedia streams such as movies, radio/tv
    network streams, DVDs, VCDs.

    Remote attackers to cause a buffer overflow.

Impact:
    The DirectShow loader and DMO_VideoDecoder_Open in MPlayer 1.0rc1 used in xine-lib,
    does not set the biSize before use in a memcpy, which allows user-assisted remote
    attackers to cause a buffer overflow and possibly execute arbitrary code.

Affected Products:
    - Turbolinux Wizpy
    - Turbolinux FUJI
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop

<wizpy>

   Source Packages
   Size: MD5

   extrafiles-OS246-3.src.rpm
     31992324 08552dba95f4bf808ed1dfbb436847e5
   xine-lib-1.0.3a-7.src.rpm
      7355124 e23f011b27379d3cfa1ecced3da396d8

   Binary Packages
   Size: MD5

   extrafiles-OS246-3.i386.rpm
       768345 bde22dc67fcb4bc53147245828019b2a
   xine-lib-1.0.3a-7.i386.rpm
      3577850 3744955594230e2ce95e238e44e44d55
   xine-lib-extra-mpeg-1.0.3a-7.i386.rpm
       127740 1e6b8b9ff71e01d38421828d76bfc684
   xine-lib-wmf-1.0.3a-7.i386.rpm
        23224 e4212550c28c8ca48e514cadb4100731

<Turbolinux FUJI>

   Source Packages
   Size: MD5

   xine-lib-1.0.3a-7.src.rpm
      7355124 26a5a94d511793801b39c5d022625e9a

   Binary Packages
   Size: MD5

   xine-lib-1.0.3a-7.i686.rpm
      3727337 fc3d8ba5b940b548f34c449bf2ee42ba
   xine-lib-wmf-1.0.3a-7.i686.rpm
        23442 7e66d580315952c73ac50c5d02c2586f

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/xine-lib-1rc3c-16.src.rpm
      6491357 082b5ebe5a6da4f6efe51200aae16633

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-1rc3c-16.i586.rpm
      3413325 183948bf8405b293a4119a60c865c74d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-devel-1rc3c-16.i586.rpm
       381405 6b284b831470ea09358de03c88a48ea7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xine-lib-wmf-1rc3c-16.i586.rpm
        22596 463c3765ed466484dd14dd9e93bcb10d

References:

CVE
   [CVE-2007-1246]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
   [CVE-2007-1387]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387

--------------------------------------------------------------------------
Revision History
    21 Jun 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGeh65K0LzjOqIJMwRAlAwAJ4nGWrrIQCrKvcOKXv05lUjULBSgQCfTxua
RBJYz1aWdzykFxA3EIGQ3YQ=
=L+xU
-----END PGP SIGNATURE-----