Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2005 > Three Mandrake Security Advisories: 1. MDKSA-2005:009 - mpg123 2. MDKSA-2005:010 - playmidi 3. MDKSA-2005:011 - xine-lib

January 2005

Three Mandrake Security Advisories: 1. MDKSA-2005:009 - mpg123 2. MDKSA-2005:010 - playmidi 3. MDKSA-2005:011 - xine-lib

ID: 00056
Ref: 52/2005
Date: 24 January 2005:14:24:45
Version: 1
Title: Three Mandrake Security Advisories: 1. MDKSA-2005:009 - mpg123 2. MDKSA-2005:010 - playmidi 3. MDKSA-2005:011 - xine-lib
Abstract:
Vendors affected: Mandrake
Operating systems affected: Mandrake
Applications affected: Mandrake
Title
=====

Three Mandrake Security Advisories:

1. MDKSA-2005:009 - mpg123

2. MDKSA-2005:010 - playmidi

3. MDKSA-2005:011 - xine-lib

Detail
======

1. A vulnerability in mpg123's ability to parse frame headers in input
streams could allow a malicious file to exploit a buffer overflow and
execute arbitray code with the permissions of the user running mpg123.

2. Erik Sjolund discovered a buffer overflow in playmidi that could be
exploited by a local attacker if installed setuid root. Note that by
default Mandrakelinux does not ship playmidi installed setuid root.

3. iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()
does not check if the input size is larger than the buffer size
(CAN-2004-1187). As well, they discovered that in this same function,
a negative value could be given to an unsigned variable that specifies
the read length of input data (CAN-2004-1188).

Ariel Berkman discovered that xine-lib reads specific input data into
an array without checking the input size making it vulnerable to a
buffer overflow problem (CAN-2004-1300).




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: mpg123
Advisory ID: MDKSA-2005:009
Date: January 19th, 2005

Affected versions: 10.0, 10.1, Corporate Server 2.1,
Corporate Server 3.0

Problem Description:

A vulnerability in mpg123's ability to parse frame headers in input
streams could allow a malicious file to exploit a buffer overflow and
execute arbitray code with the permissions of the user running mpg123.

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
c6853d42d98e62393a7f819a2ffe3356 10.0/RPMS/mpg123-0.59r-22.2.100mdk.i586.rpm
a23d6bfb05fa6ac27067bc31428092eb 10.0/SRPMS/mpg123-0.59r-22.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
4ee7ef6a8d53837780ed7f2b03839673 amd64/10.0/RPMS/mpg123-0.59r-22.2.100mdk.amd64.rpm
a23d6bfb05fa6ac27067bc31428092eb amd64/10.0/SRPMS/mpg123-0.59r-22.2.100mdk.src.rpm

Mandrakelinux 10.1:
3f9c35756148f51b279631123545b75b 10.1/RPMS/mpg123-0.59r-22.2.101mdk.i586.rpm
4cf62de0ff365cd0e74c417f84b7730e 10.1/SRPMS/mpg123-0.59r-22.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
ee70a13d4ccfcf5f8fbd9ed778186647 x86_64/10.1/RPMS/mpg123-0.59r-22.2.101mdk.x86_64.rpm
4cf62de0ff365cd0e74c417f84b7730e x86_64/10.1/SRPMS/mpg123-0.59r-22.2.101mdk.src.rpm

Corporate Server 2.1:
b68e025bfc40ff120c63d77bed97270b corporate/2.1/RPMS/mpg123-0.59r-21.3.C21mdk.i586.rpm
437ddd9bda9615417690f737e9722990 corporate/2.1/SRPMS/mpg123-0.59r-21.3.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
deb362353f3912ed0154847947c45543 x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.3.C21mdk.x86_64.rpm
437ddd9bda9615417690f737e9722990 x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.3.C21mdk.src.rpm

Corporate Server 3.0:
2d5fd7533161e466ba3f3b1307be77d1 corporate/3.0/RPMS/mpg123-0.59r-22.2.C30mdk.i586.rpm
7aab2dce78c90489c8da66e715b61bf5 corporate/3.0/SRPMS/mpg123-0.59r-22.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB7tmAmqjQ0CJFipgRAuEqAKDFKx1MuA+ZM0+8jl5WaT2PE05iegCgrkKA
9Yf7Vi5oqoFrUwp9Ap2LzEg=
=Uamp
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: playmidi
Advisory ID: MDKSA-2005:010
Date: January 19th, 2005

Affected versions: 10.0, 10.1, Corporate Server 3.0
______________________________________________________________________

Problem Description:

Erik Sjolund discovered a buffer overflow in playmidi that could be
exploited by a local attacker if installed setuid root. Note that by
default Mandrakelinux does not ship playmidi installed setuid root.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0020
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
11b39014c3c354c549f4b510d0e59ad5 10.0/RPMS/playmidi-2.5-3.1.100mdk.i586.rpm
930ad98832bc68b4f2d97cde16fbb589 10.0/RPMS/playmidi-X11-2.5-3.1.100mdk.i586.rpm
ac2bef9ddcba160bf52f9a883c759fdf 10.0/SRPMS/playmidi-2.5-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
629089b1281e17784bd3fc4d69d8424a amd64/10.0/RPMS/playmidi-2.5-3.1.100mdk.amd64.rpm
d8cf76271cfab47e597090400c32ca4a amd64/10.0/RPMS/playmidi-X11-2.5-3.1.100mdk.amd64.rpm
ac2bef9ddcba160bf52f9a883c759fdf amd64/10.0/SRPMS/playmidi-2.5-3.1.100mdk.src.rpm

Mandrakelinux 10.1:
1be61eeb85b0c916771fc5a834691835 10.1/RPMS/playmidi-2.5-3.1.101mdk.i586.rpm
e43429abba5378ab18d5d8cb1b61c345 10.1/RPMS/playmidi-X11-2.5-3.1.101mdk.i586.rpm
c1958aeb4fe6a620b43c90581c5cbef8 10.1/SRPMS/playmidi-2.5-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
acbe49ee3b86227a0757cd8ebf7b1d08 x86_64/10.1/RPMS/playmidi-2.5-3.1.101mdk.x86_64.rpm
3f1bd829359d1d5b26d879ca3ed20c8b x86_64/10.1/RPMS/playmidi-X11-2.5-3.1.101mdk.x86_64.rpm
c1958aeb4fe6a620b43c90581c5cbef8 x86_64/10.1/SRPMS/playmidi-2.5-3.1.101mdk.src.rpm

Corporate Server 3.0:
ee62926bf969895976b99bafb79d12a6 corporate/3.0/RPMS/playmidi-2.5-3.1.C30mdk.i586.rpm
983da3f98fd776bdeb484ce6228e8a8d corporate/3.0/RPMS/playmidi-X11-2.5-3.1.C30mdk.i586.rpm
70a3be81e9afce9341faf9ce61e7e60a corporate/3.0/SRPMS/playmidi-2.5-3.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB7tommqjQ0CJFipgRAoB5AKDsUDE/2fU6ZBO1B3cRNmFixIj5agCgiJEu
7hQjmvJKEWuufOC/JE6Z4uA=
=07V0
- -----END PGP SIGNATURE-----



3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory

Package name: xine-lib
Advisory ID: MDKSA-2005:011
Date: January 19th, 2005

Affected versions: 10.0, 10.1
______________________________________________________________________

Problem Description:

iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()
does not check if the input size is larger than the buffer size
(CAN-2004-1187). As well, they discovered that in this same function,
a negative value could be given to an unsigned variable that specifies
the read length of input data (CAN-2004-1188).

Ariel Berkman discovered that xine-lib reads specific input data into
an array without checking the input size making it vulnerable to a
buffer overflow problem (CAN-2004-1300).

The updated packages have been patched to prevent these problems.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300
http://xinehq.de/index.php/security/XSA-2004-6
http://xinehq.de/index.php/security/XSA-2004-7
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
04cf16b28902e4591e11ae72fd87d662 10.0/RPMS/libxine1-1-0.rc3.6.3.100mdk.i586.rpm
b4229121fb5e1c2e8e3150fb770d20b1 10.0/RPMS/libxine1-devel-1-0.rc3.6.3.100mdk.i586.rpm
dedf902f1106a5d2962169e0d384484b 10.0/RPMS/xine-aa-1-0.rc3.6.3.100mdk.i586.rpm
0e794be9dcbe0d7df7ac7023f90b9ce7 10.0/RPMS/xine-arts-1-0.rc3.6.3.100mdk.i586.rpm
e2129af73ff087513cf3e206b6243a22 10.0/RPMS/xine-dxr3-1-0.rc3.6.3.100mdk.i586.rpm
465023e0d347cc68e50cd18e7e035d7f 10.0/RPMS/xine-esd-1-0.rc3.6.3.100mdk.i586.rpm
3aba7156985636b52cf388ee65efa61a 10.0/RPMS/xine-flac-1-0.rc3.6.3.100mdk.i586.rpm
442d828c5c5c477fb4056eec27ac99ac 10.0/RPMS/xine-gnomevfs-1-0.rc3.6.3.100mdk.i586.rpm
73e2c9d0af08f7af594897963ad2acee 10.0/RPMS/xine-plugins-1-0.rc3.6.3.100mdk.i586.rpm
987634217ee50058b309ce153c0d71cd 10.0/SRPMS/xine-lib-1-0.rc3.6.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
66d763149801966fb38c9a07666eced3 amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.3.100mdk.amd64.rpm
486eaa41ea24dc895ab68a7221efa641 amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.3.100mdk.amd64.rpm
5b454fdc3cc84ce2bd9aa8d4495971af amd64/10.0/RPMS/xine-aa-1-0.rc3.6.3.100mdk.amd64.rpm
f8a5ce8ccdb495f23c879a58dc4a005b amd64/10.0/RPMS/xine-arts-1-0.rc3.6.3.100mdk.amd64.rpm
aa3a3a29c478a444bbcb4fe7f48d217c amd64/10.0/RPMS/xine-esd-1-0.rc3.6.3.100mdk.amd64.rpm
051f953d91864f0609d55d9f5d13c545 amd64/10.0/RPMS/xine-flac-1-0.rc3.6.3.100mdk.amd64.rpm
7288d9764ff125053834cc3cbc56618b amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.3.100mdk.amd64.rpm
8c11dd4c0453b8236494df5e177985b0 amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.3.100mdk.amd64.rpm
987634217ee50058b309ce153c0d71cd amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.3.100mdk.src.rpm

Mandrakelinux 10.1:
dc10ced310a94ac2b1cdaa26d5065309 10.1/RPMS/libxine1-1-0.rc5.9.1.101mdk.i586.rpm
2ff06644e8ba40de686faea2870be099 10.1/RPMS/libxine1-devel-1-0.rc5.9.1.101mdk.i586.rpm
dab77c7bb2d958fb34fd07dd525b7026 10.1/RPMS/xine-aa-1-0.rc5.9.1.101mdk.i586.rpm
c0daf0f0835a0831251e725edb491d98 10.1/RPMS/xine-arts-1-0.rc5.9.1.101mdk.i586.rpm
a9d901fa51bd439c5e6b54fb799afcde 10.1/RPMS/xine-dxr3-1-0.rc5.9.1.101mdk.i586.rpm
6e2e9ac54916eb1409347968bddc0903 10.1/RPMS/xine-esd-1-0.rc5.9.1.101mdk.i586.rpm
954f717131a3079ea5dff56ab3a20a8e 10.1/RPMS/xine-flac-1-0.rc5.9.1.101mdk.i586.rpm
72a82036a27f6bed29412b81417603eb 10.1/RPMS/xine-gnomevfs-1-0.rc5.9.1.101mdk.i586.rpm
a76f9f553c97aa55fe4849225d7921a2 10.1/RPMS/xine-plugins-1-0.rc5.9.1.101mdk.i586.rpm
dab247b679d8cb6f7bdf06b71d5e54b8 10.1/SRPMS/xine-lib-1-0.rc5.9.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
5cfbd8787d4c8e0207437f048d5994a4 x86_64/10.1/RPMS/lib64xine1-1-0.rc5.9.1.101mdk.x86_64.rpm
8a4b9b26b8b58fd29477a6b260bd79c6 x86_64/10.1/RPMS/lib64xine1-devel-1-0.rc5.9.1.101mdk.x86_64.rpm
c2bc72cfbfe95f18a6ae0b18b98807c8 x86_64/10.1/RPMS/xine-aa-1-0.rc5.9.1.101mdk.x86_64.rpm
7f059dfbc7e445a255510c9a5a7338b7 x86_64/10.1/RPMS/xine-arts-1-0.rc5.9.1.101mdk.x86_64.rpm
53b293f453695e7104a1ae593f79608a x86_64/10.1/RPMS/xine-dxr3-1-0.rc5.9.1.101mdk.x86_64.rpm
6efb0ca6be7650e60961e13f479b117a x86_64/10.1/RPMS/xine-esd-1-0.rc5.9.1.101mdk.x86_64.rpm
4caa5c113d95773e4ca462b69bb17e76 x86_64/10.1/RPMS/xine-flac-1-0.rc5.9.1.101mdk.x86_64.rpm
ba0f5f739785622cac85034055fa7304 x86_64/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.1.101mdk.x86_64.rpm
d3c1a9cca1ae3800d72f82486b26f0e1 x86_64/10.1/RPMS/xine-plugins-1-0.rc5.9.1.101mdk.x86_64.rpm
dab247b679d8cb6f7bdf06b71d5e54b8 x86_64/10.1/SRPMS/xine-lib-1-0.rc5.9.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB7tremqjQ0CJFipgRAr0HAJ97WOzp9JCz/lQhgCvOi2yyRojHcACeOw+A
7Tq28VFsghjETZ2Mu2DVTLM=
=awHr
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |