Paketname
xine-lib
Datum
2008-08-20
Advisory ID
MDVSA-2008:178
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

Alin Rad Pop found an array index vulnerability in the SDP parser
of xine-lib. If a user or automated system were tricked into opening
a malicious RTSP stream, a remote attacker could possibly execute
arbitrary code with the privileges of the user using the program
(CVE-2008-0073).

The ASF demuxer in xine-lib did not properly check the length of
ASF headers. If a user was tricked into opening a crafted ASF file,
a remote attacker could possibly cause a denial of service or execute
arbitrary code with the privileges of the user using the program
(CVE-2008-1110).

The Matroska demuxer in xine-lib did not properly verify frame sizes,
which could possibly lead to the execution of arbitrary code if a
user opened a crafted ASF file (CVE-2008-1161).

Luigi Auriemma found multiple integer overflows in xine-lib. If a
user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or
CAK file, a remote attacker could possibly execute arbitrary code
with the privileges of the user using the program (CVE-2008-1482).

Guido Landi found A stack-based buffer overflow in xine-lib
that could allow a remote attacker to cause a denial of service
(crash) and potentially execute arbitrary code via a long NSF title
(CVE-2008-1878).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2008.0 i586

 6aa7eae08e4878a56216c21d2895d38a  2008.0/i586/libxine1-1.1.8-4.7mdv2008.0.i586.rpm
 e7f1553bf63778f25d9fbf730d5b120c  2008.0/i586/libxine-devel-1.1.8-4.7mdv2008.0.i586.rpm
 75e68e91207e014f287b93cdd664a073  2008.0/i586/xine-aa-1.1.8-4.7mdv2008.0.i586.rpm
 accb9c34f5046451b66142bdd6a21706  2008.0/i586/xine-caca-1.1.8-4.7mdv2008.0.i586.rpm
 0e4198ff66564f160945bd8a73932482  2008.0/i586/xine-dxr3-1.1.8-4.7mdv2008.0.i586.rpm
 44853bc05ede93786675969cdfd2b009  2008.0/i586/xine-esd-1.1.8-4.7mdv2008.0.i586.rpm
 833f7be8ad722fde7dcae24633914556  2008.0/i586/xine-flac-1.1.8-4.7mdv2008.0.i586.rpm
 ee032b270eb9bd4a639ed9f011be8965  2008.0/i586/xine-gnomevfs-1.1.8-4.7mdv2008.0.i586.rpm
 cc9adb7d0af33e3b8bcc067c6c62d57d  2008.0/i586/xine-image-1.1.8-4.7mdv2008.0.i586.rpm
 020e8b3d47d6e1d29fa0ec4d48d6c6fd  2008.0/i586/xine-jack-1.1.8-4.7mdv2008.0.i586.rpm
 e927b440649d60abc0ab86dbba263af9  2008.0/i586/xine-plugins-1.1.8-4.7mdv2008.0.i586.rpm
 613c9490440b26a3734a447b73bddf67  2008.0/i586/xine-pulse-1.1.8-4.7mdv2008.0.i586.rpm
 ca31b8372982abf3ca3736116e91435f  2008.0/i586/xine-sdl-1.1.8-4.7mdv2008.0.i586.rpm
 3d7cdb0be5abf9432dcfa6b69decec9c  2008.0/i586/xine-smb-1.1.8-4.7mdv2008.0.i586.rpm 
 36aea6a4873e1f868ddf08c4d7eefe02  2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm

2008.0 x86_64

 1f58d28dfaa98b7eccf058752e41631c  2008.0/x86_64/lib64xine1-1.1.8-4.7mdv2008.0.x86_64.rpm
 150013536fe38899fcdad61c704cab5c  2008.0/x86_64/lib64xine-devel-1.1.8-4.7mdv2008.0.x86_64.rpm
 67471aea2b6f46ae6850199b85f1bba0  2008.0/x86_64/xine-aa-1.1.8-4.7mdv2008.0.x86_64.rpm
 b2178ce163ff3351685f7b94bef06069  2008.0/x86_64/xine-caca-1.1.8-4.7mdv2008.0.x86_64.rpm
 fdda01f542e4ecdfd51d2fc695eae8ca  2008.0/x86_64/xine-dxr3-1.1.8-4.7mdv2008.0.x86_64.rpm
 03faa97b40b0eb24c5934b1764378324  2008.0/x86_64/xine-esd-1.1.8-4.7mdv2008.0.x86_64.rpm
 4af8a886dbbb412b3c3820d354f889f2  2008.0/x86_64/xine-flac-1.1.8-4.7mdv2008.0.x86_64.rpm
 ce33c99a46cba4ac745af5d5b4bb399d  2008.0/x86_64/xine-gnomevfs-1.1.8-4.7mdv2008.0.x86_64.rpm
 512b93a5a0c602358c911f07dffcdae1  2008.0/x86_64/xine-image-1.1.8-4.7mdv2008.0.x86_64.rpm
 6c8233325169f39d9d753abd604a4bcf  2008.0/x86_64/xine-jack-1.1.8-4.7mdv2008.0.x86_64.rpm
 5a0afda6905461d13a21ac7fd8b27eee  2008.0/x86_64/xine-plugins-1.1.8-4.7mdv2008.0.x86_64.rpm
 66cf6873a4013533e7bb2ef664ae9830  2008.0/x86_64/xine-pulse-1.1.8-4.7mdv2008.0.x86_64.rpm
 8166bc1bc60957cabfc2038adf10f4df  2008.0/x86_64/xine-sdl-1.1.8-4.7mdv2008.0.x86_64.rpm
 6f5708f3d355a95b307158996d28bfea  2008.0/x86_64/xine-smb-1.1.8-4.7mdv2008.0.x86_64.rpm 
 36aea6a4873e1f868ddf08c4d7eefe02  2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm

Referenzen