ID de Prueba:	1.3.6.1.4.1.25623.1.0.60402
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:046-1 (xine-lib)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xine-lib announced via advisory MDVSA-2008:046-1. An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched to prevent this issue. Update: The previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch. Affected: 2007.1, 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:046-1 http://qa.mandriva.com/show_bug.cgi?id=37846 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0486 BugTraq ID: 27441 http://www.securityfocus.com/bid/27441 Bugtraq: 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability (Google Search) http://www.securityfocus.com/archive/1/487501/100/0/threaded Debian Security Information: DSA-1496 (Google Search) http://www.debian.org/security/2008/dsa-1496 Debian Security Information: DSA-1536 (Google Search) http://www.debian.org/security/2008/dsa-1536 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html http://security.gentoo.org/glsa/glsa-200802-12.xml http://security.gentoo.org/glsa/glsa-200803-16.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:045 http://www.mandriva.com/security/advisories?name=MDVSA-2008:046 http://www.coresecurity.com/?action=item&id=2103 http://secunia.com/advisories/28779 http://secunia.com/advisories/28801 http://secunia.com/advisories/28918 http://secunia.com/advisories/28955 http://secunia.com/advisories/28956 http://secunia.com/advisories/28989 http://secunia.com/advisories/29141 http://secunia.com/advisories/29307 http://secunia.com/advisories/29323 http://secunia.com/advisories/29601 http://secunia.com/advisories/31393 http://securityreason.com/securityalert/3608 SuSE Security Announcement: SUSE-SR:2008:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://www.ubuntu.com/usn/usn-635-1 http://www.vupen.com/english/advisories/2008/0406/references http://www.vupen.com/english/advisories/2008/0421
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.