CVE-2005-1195

Common Vulnerabilities and Exposures

Upstream information

CVE-2005-1195 at MITRE

Description

Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.

Novell/SUSE information

Novell Bugzilla entry: 78960, 80217

SUSE Security Advisories:

SUSE-SR:2005:012, published Fri, 29 Apr 2005 14:00:00 +0000
SUSE-SR:2005:013, published Wed, 18 May 2005 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SLES SDK 9 for IPF	`xine-lib >= 0.99.rc3a-106.21` `xine-lib-x86 >= 9-200504222050`	core9.s390 core9.ppc core9.ia64 core9.s390x core9.x86 core9.x86-64 YOU Patch Nr: 10026
SLES SDK 9 for IBM iSeries and IBM pSeries	`xine-lib >= 0.99.rc3a-106.21` `xine-lib-64bit >= 9-200504222125`	core9.s390 core9.ppc core9.ia64 core9.s390x core9.x86 core9.x86-64 YOU Patch Nr: 10026
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for x86	`xine-lib >= 0.99.rc3a-106.21`	core9.s390 core9.ppc core9.ia64 core9.s390x core9.x86 core9.x86-64 YOU Patch Nr: 10026
SLES SDK 9 for IBM zSeries	`xine-lib >= 0.99.rc3a-106.21` `xine-lib-32bit >= 9-200504222208`	core9.s390 core9.ppc core9.ia64 core9.s390x core9.x86 core9.x86-64 YOU Patch Nr: 10026
SLES SDK 9 for X86-64	`xine-lib >= 0.99.rc3a-106.21` `xine-lib-32bit >= 9-200504222104`	core9.s390 core9.ppc core9.ia64 core9.s390x core9.x86 core9.x86-64 YOU Patch Nr: 10026
SuSE Linux Desktop 1.0	`MPlayer >= 0.90rc4-266`	Builds

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy