Test Kennung:	1.3.6.1.4.1.25623.1.0.63999
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: libxine
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: libxine CVE-2009-0385 Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. CVE-2009-1274 Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0385 BugTraq ID: 33502 http://www.securityfocus.com/bid/33502 Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search) http://www.securityfocus.com/archive/1/500514/100/0/threaded Debian Security Information: DSA-1781 (Google Search) http://www.debian.org/security/2009/dsa-1781 Debian Security Information: DSA-1782 (Google Search) http://www.debian.org/security/2009/dsa-1782 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 http://www.trapkit.de/advisories/TKADV2009-004.txt http://osvdb.org/51643 http://secunia.com/advisories/33711 http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://secunia.com/advisories/34712 http://secunia.com/advisories/34845 http://secunia.com/advisories/34905 http://www.ubuntu.com/usn/USN-734-1 http://www.vupen.com/english/advisories/2009/0277 XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330) https://exchange.xforce.ibmcloud.com/vulnerabilities/48330 Common Vulnerability Exposure (CVE) ID: CVE-2009-1274 BugTraq ID: 34384 http://www.securityfocus.com/bid/34384 Bugtraq: 20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/502481/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 http://www.mandriva.com/security/advisories?name=MDVSA-2009:299 http://www.trapkit.de/advisories/TKADV2009-005.txt http://osvdb.org/53288 http://www.securitytracker.com/id?1021989 http://secunia.com/advisories/34593 http://secunia.com/advisories/35416 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/0937 XForce ISS Database: xinelib-demuxqt-bo(49714) https://exchange.xforce.ibmcloud.com/vulnerabilities/49714
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.