ID de Prueba:	1.3.6.1.4.1.25623.1.0.59669
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2007-33 (xine-lib)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xine-lib announced via advisory TLSA-2007-33. The xine engine is a free media player engine. It comes in the form of a shared libarary and is typically used by media player frontends and other multimedia applications for playback of multimedia streams such as movies, radio/tv network streams, DVDs, VCDs. Remote attackers to cause a buffer overflow. The DirectShow loader and DMO_VideoDecoder_Open in MPlayer 1.0rc1 used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2007-33 Risk factor : High CVSS Score: 7.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1246 BugTraq ID: 22771 http://www.securityfocus.com/bid/22771 Bugtraq: 20070423 FLEA-2007-0013-1: xine-lib (Google Search) http://www.securityfocus.com/archive/1/466691/30/6900/threaded Debian Security Information: DSA-1536 (Google Search) http://www.debian.org/security/2008/dsa-1536 http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html http://security.gentoo.org/glsa/glsa-200704-09.xml http://security.gentoo.org/glsa/glsa-200705-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:055 http://www.mandriva.com/security/advisories?name=MDKSA-2007:057 http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204 http://secunia.com/advisories/24443 http://secunia.com/advisories/24444 http://secunia.com/advisories/24446 http://secunia.com/advisories/24448 http://secunia.com/advisories/24462 http://secunia.com/advisories/24866 http://secunia.com/advisories/24897 http://secunia.com/advisories/24995 http://secunia.com/advisories/25462 http://secunia.com/advisories/29601 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449141 SuSE Security Announcement: SUSE-SR:2007:005 (Google Search) http://www.novell.com/linux/security/advisories/2007_5_sr.html SuSE Security Announcement: SUSE-SR:2007:007 (Google Search) http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.ubuntu.com/usn/usn-433-1 http://www.vupen.com/english/advisories/2007/0794 XForce ISS Database: mplayer-dmovideodecoder-bo(32747) https://exchange.xforce.ibmcloud.com/vulnerabilities/32747 Common Vulnerability Exposure (CVE) ID: CVE-2007-1387 BugTraq ID: 22933 http://www.securityfocus.com/bid/22933 http://www.mandriva.com/security/advisories?name=MDKSA-2007:061 http://www.mandriva.com/security/advisories?name=MDKSA-2007:062 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072;msg=12;filename=DS_VideoDecoder.c---SVN--22205.patch;att=1 https://usn.ubuntu.com/435-1/
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.