
Test ID: 1.3.6.1.4.1.25623.1.0.66401
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2009:319 (xine-lib)
Summary: NOSUMMARY
Description:
The remote host is missing an update to xine-lib
announced via advisory MDVSA-2009:319.

Vulnerabilities have been discovered and corrected in xine-lib:

A failure when handling Ogg files allows remote attackers to cause
a denial of service by using crafted files (CVE-2008-3231).

A failure when handling MNG, Real or MOD files allows remote
attackers to cause a denial of service by using crafted files
(CVE-2008-5233).

Heap-based overflow allows remote attackers to execute arbitrary
code by using Quicktime media files holding crafted metadata
(CVE-2008-5234).

Heap-based overflow allows remote attackers to execute arbitrary code
by using either crafted Matroska or Real media files (CVE-2008-5236).

A failure when handling MNG or Quicktime files allows remote
attackers to cause a denial of service by using crafted files
(CVE-2008-5237).

Multiple heap-based overflows in input plugins (http, net, smb, dvd,
dvb, rtsp, rtp, pvr, pnm, file, gnome_vfs, mms) allow attackers to
execute arbitrary code through the handling of those input channels.
This problem can also allow attackers to cause a denial of service
(CVE-2008-5239).

Heap-based overflow allows attackers to execute arbitrary code by using
crafted Matroska media files (MATROSKA_ID_TR_CODECPRIVATE track entry
element). In addition, a failure in the handling of Real media files
(CONT_TAG header) can lead to a denial of service attack (CVE-2008-5240).

Integer underflow allows remote attackers to cause a denial of service
by using Quicktime media files (CVE-2008-5241).

A failure when handling Real media files allows remote attackers
to cause a denial of service by indexing an allocated buffer with a
certain input value in a crafted file (CVE-2008-5243).

Vulnerabilities of unknown impact, possibly a buffer overflow, are
caused by video frames being preallocated before the required length
is ascertained in the V4L video input plugin (CVE-2008-5245).

Heap-based overflow allows remote attackers to execute arbitrary
code by using crafted media files. The vulnerability is in the
handling of ID3 audio file tag data, which is mainly used in MP3 file
formats (CVE-2008-5246).

Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow (CVE-2009-1274).

Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib
1.1.16.1 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a 4X movie file with a large
current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698).

Packages for 2008.0 are being provided due to extended support for
Corporate products.

This update fixes these issues.

Affected: 2008.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:319

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-3231
BugTraq ID: 30699
http://www.securityfocus.com/bid/30699
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:020
http://www.openwall.com/lists/oss-security/2008/07/13/3
http://www.securitytracker.com/id?1020703
http://secunia.com/advisories/31827
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2008/2382
XForce ISS Database: xine-ogg-dos(44040)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44040
Common Vulnerability Exposure (CVE) ID: CVE-2008-5233
BugTraq ID: 30797
http://www.securityfocus.com/bid/30797
Bugtraq: 20080822 [oCERT-2008-008] multiple heap overflows in xine-lib
http://www.securityfocus.com/archive/1/495674/100/0/threaded
http://www.ocert.org/analysis/2008-008/analysis.txt
http://www.osvdb.org/47747
http://securitytracker.com/id?1020703
http://securityreason.com/securityalert/4648
XForce ISS Database: xinelib-mymngprocessheader-bo(44648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44648
XForce ISS Database: xinelib-openmodfile-bo(44649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44649
XForce ISS Database: xinelib-realparseaudiospecificdata-bo(44639)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44639
Common Vulnerability Exposure (CVE) ID: CVE-2008-5234
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html
http://secunia.com/advisories/31502
http://secunia.com/advisories/33544
XForce ISS Database: xinelib-id3v23interpframe-bo(44647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44647
XForce ISS Database: xinelib-parsemoovatom-bo(44633)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44633
Common Vulnerability Exposure (CVE) ID: CVE-2008-5236
http://sourceforge.net/project/shownotes.php?release_id=619869
http://www.osvdb.org/47744
http://secunia.com/advisories/31567
http://www.vupen.com/english/advisories/2008/2427
XForce ISS Database: xinelib-openrafile-bo(44642)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44642
XForce ISS Database: xinelib-parseblockgroup-bo(44634)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44634
Common Vulnerability Exposure (CVE) ID: CVE-2008-5237
XForce ISS Database: xinelib-parsereferenceatom-dos(44652)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44652
Common Vulnerability Exposure (CVE) ID: CVE-2008-5239
XForce ISS Database: xinelib-multiple-inputplugin-bo(44651)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44651
Common Vulnerability Exposure (CVE) ID: CVE-2008-5240
http://www.osvdb.org/47742
XForce ISS Database: xinelib-demuxmatroska-dos(44653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44653
Common Vulnerability Exposure (CVE) ID: CVE-2008-5241
XForce ISS Database: xinelib-demuxqtc-cmovatom-dos(44656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44656
Common Vulnerability Exposure (CVE) ID: CVE-2008-5243
XForce ISS Database: xinelib-realparseheader-dos(44658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44658
Common Vulnerability Exposure (CVE) ID: CVE-2008-5245
BugTraq ID: 30698
http://www.securityfocus.com/bid/30698
XForce ISS Database: xinelib-openvideocapturedevice-bo(44470)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44470
Common Vulnerability Exposure (CVE) ID: CVE-2008-5246
http://osvdb.org/47677
XForce ISS Database: xinelib-srcdemuxersid3-bo(44468)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44468
Common Vulnerability Exposure (CVE) ID: CVE-2009-1274
BugTraq ID: 34384
http://www.securityfocus.com/bid/34384
Bugtraq: 20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow
http://www.securityfocus.com/archive/1/502481/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:298
http://www.mandriva.com/security/advisories?name=MDVSA-2009:299
http://www.trapkit.de/advisories/TKADV2009-005.txt
http://osvdb.org/53288
http://www.securitytracker.com/id?1021989
http://secunia.com/advisories/34593
http://secunia.com/advisories/34712
http://secunia.com/advisories/35416
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.vupen.com/english/advisories/2009/0937
XForce ISS Database: xinelib-demuxqt-bo(49714)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49714
Common Vulnerability Exposure (CVE) ID: CVE-2009-0385
BugTraq ID: 33502
http://www.securityfocus.com/bid/33502
Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability
http://www.securityfocus.com/archive/1/500514/100/0/threaded
Debian Security Information: DSA-1781
http://www.debian.org/security/2009/dsa-1781
Debian Security Information: DSA-1782
http://www.debian.org/security/2009/dsa-1782
http://security.gentoo.org/glsa/glsa-200903-33.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:297
http://www.trapkit.de/advisories/TKADV2009-004.txt
http://osvdb.org/51643
http://secunia.com/advisories/33711
http://secunia.com/advisories/34296
http://secunia.com/advisories/34385
http://secunia.com/advisories/34845
http://secunia.com/advisories/34905
http://www.ubuntu.com/usn/USN-734-1
http://www.vupen.com/english/advisories/2009/0277
XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48330
Common Vulnerability Exposure (CVE) ID: CVE-2009-0698
SuSE Security Announcement: SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-746-1
XForce ISS Database: xinelib-4xmdemuxer-code-execution(48954)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48954
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
