exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-178

Mandriva Linux Security Advisory 2008-178
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-0073, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1878
SHA-256 | cc1af7aa9af190d5e08578ee557ea3356fcedf52d35bb1e99c652fdbdc04649d

Mandriva Linux Security Advisory 2008-178

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:178
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xine-lib
Date : August 20, 2008
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Alin Rad Pop found an array index vulnerability in the SDP parser
of xine-lib. If a user or automated system were tricked into opening
a malicious RTSP stream, a remote attacker could possibly execute
arbitrary code with the privileges of the user using the program
(CVE-2008-0073).

The ASF demuxer in xine-lib did not properly check the length of
ASF headers. If a user was tricked into opening a crafted ASF file,
a remote attacker could possibly cause a denial of service or execute
arbitrary code with the privileges of the user using the program
(CVE-2008-1110).

The Matroska demuxer in xine-lib did not properly verify frame sizes,
which could possibly lead to the execution of arbitrary code if a
user opened a crafted ASF file (CVE-2008-1161).

Luigi Auriemma found multiple integer overflows in xine-lib. If a
user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or
CAK file, a remote attacker could possibly execute arbitrary code
with the privileges of the user using the program (CVE-2008-1482).

Guido Landi found A stack-based buffer overflow in xine-lib
that could allow a remote attacker to cause a denial of service
(crash) and potentially execute arbitrary code via a long NSF title
(CVE-2008-1878).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
6aa7eae08e4878a56216c21d2895d38a 2008.0/i586/libxine1-1.1.8-4.7mdv2008.0.i586.rpm
e7f1553bf63778f25d9fbf730d5b120c 2008.0/i586/libxine-devel-1.1.8-4.7mdv2008.0.i586.rpm
75e68e91207e014f287b93cdd664a073 2008.0/i586/xine-aa-1.1.8-4.7mdv2008.0.i586.rpm
accb9c34f5046451b66142bdd6a21706 2008.0/i586/xine-caca-1.1.8-4.7mdv2008.0.i586.rpm
0e4198ff66564f160945bd8a73932482 2008.0/i586/xine-dxr3-1.1.8-4.7mdv2008.0.i586.rpm
44853bc05ede93786675969cdfd2b009 2008.0/i586/xine-esd-1.1.8-4.7mdv2008.0.i586.rpm
833f7be8ad722fde7dcae24633914556 2008.0/i586/xine-flac-1.1.8-4.7mdv2008.0.i586.rpm
ee032b270eb9bd4a639ed9f011be8965 2008.0/i586/xine-gnomevfs-1.1.8-4.7mdv2008.0.i586.rpm
cc9adb7d0af33e3b8bcc067c6c62d57d 2008.0/i586/xine-image-1.1.8-4.7mdv2008.0.i586.rpm
020e8b3d47d6e1d29fa0ec4d48d6c6fd 2008.0/i586/xine-jack-1.1.8-4.7mdv2008.0.i586.rpm
e927b440649d60abc0ab86dbba263af9 2008.0/i586/xine-plugins-1.1.8-4.7mdv2008.0.i586.rpm
613c9490440b26a3734a447b73bddf67 2008.0/i586/xine-pulse-1.1.8-4.7mdv2008.0.i586.rpm
ca31b8372982abf3ca3736116e91435f 2008.0/i586/xine-sdl-1.1.8-4.7mdv2008.0.i586.rpm
3d7cdb0be5abf9432dcfa6b69decec9c 2008.0/i586/xine-smb-1.1.8-4.7mdv2008.0.i586.rpm
36aea6a4873e1f868ddf08c4d7eefe02 2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
1f58d28dfaa98b7eccf058752e41631c 2008.0/x86_64/lib64xine1-1.1.8-4.7mdv2008.0.x86_64.rpm
150013536fe38899fcdad61c704cab5c 2008.0/x86_64/lib64xine-devel-1.1.8-4.7mdv2008.0.x86_64.rpm
67471aea2b6f46ae6850199b85f1bba0 2008.0/x86_64/xine-aa-1.1.8-4.7mdv2008.0.x86_64.rpm
b2178ce163ff3351685f7b94bef06069 2008.0/x86_64/xine-caca-1.1.8-4.7mdv2008.0.x86_64.rpm
fdda01f542e4ecdfd51d2fc695eae8ca 2008.0/x86_64/xine-dxr3-1.1.8-4.7mdv2008.0.x86_64.rpm
03faa97b40b0eb24c5934b1764378324 2008.0/x86_64/xine-esd-1.1.8-4.7mdv2008.0.x86_64.rpm
4af8a886dbbb412b3c3820d354f889f2 2008.0/x86_64/xine-flac-1.1.8-4.7mdv2008.0.x86_64.rpm
ce33c99a46cba4ac745af5d5b4bb399d 2008.0/x86_64/xine-gnomevfs-1.1.8-4.7mdv2008.0.x86_64.rpm
512b93a5a0c602358c911f07dffcdae1 2008.0/x86_64/xine-image-1.1.8-4.7mdv2008.0.x86_64.rpm
6c8233325169f39d9d753abd604a4bcf 2008.0/x86_64/xine-jack-1.1.8-4.7mdv2008.0.x86_64.rpm
5a0afda6905461d13a21ac7fd8b27eee 2008.0/x86_64/xine-plugins-1.1.8-4.7mdv2008.0.x86_64.rpm
66cf6873a4013533e7bb2ef664ae9830 2008.0/x86_64/xine-pulse-1.1.8-4.7mdv2008.0.x86_64.rpm
8166bc1bc60957cabfc2038adf10f4df 2008.0/x86_64/xine-sdl-1.1.8-4.7mdv2008.0.x86_64.rpm
6f5708f3d355a95b307158996d28bfea 2008.0/x86_64/xine-smb-1.1.8-4.7mdv2008.0.x86_64.rpm
36aea6a4873e1f868ddf08c4d7eefe02 2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrNO7mqjQ0CJFipgRAh9LAKDa9dFv2EbViWSeaRMGAgCLvuQgnwCdFaTZ
hdkD/jCzs0mcRZEISstBXwk=
=9Hc3
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close