FreeBSD Local Security Checks : FreeBSD Ports: libxine

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.60533

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: libxine

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: libxine

CVE-2008-0486
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
1.0rc2 and SVN before r25917, and possibly earlier versions, as used
in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary
code via a crafted FLAC tag, which triggers a buffer overflow.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-0486
BugTraq ID: 27441
http://www.securityfocus.com/bid/27441
Bugtraq: 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability (Google Search)
http://www.securityfocus.com/archive/1/487501/100/0/threaded
Debian Security Information: DSA-1496 (Google Search)
http://www.debian.org/security/2008/dsa-1496
Debian Security Information: DSA-1536 (Google Search)
http://www.debian.org/security/2008/dsa-1536
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html
http://security.gentoo.org/glsa/glsa-200802-12.xml
http://security.gentoo.org/glsa/glsa-200803-16.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
http://www.mandriva.com/security/advisories?name=MDVSA-2008:046
http://www.coresecurity.com/?action=item&id=2103
http://secunia.com/advisories/28779
http://secunia.com/advisories/28801
http://secunia.com/advisories/28918
http://secunia.com/advisories/28955
http://secunia.com/advisories/28956
http://secunia.com/advisories/28989
http://secunia.com/advisories/29141
http://secunia.com/advisories/29307
http://secunia.com/advisories/29323
http://secunia.com/advisories/29601
http://secunia.com/advisories/31393
http://securityreason.com/securityalert/3608
SuSE Security Announcement: SUSE-SR:2008:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
http://www.ubuntu.com/usn/usn-635-1
http://www.vupen.com/english/advisories/2008/0406/references
http://www.vupen.com/english/advisories/2008/0421

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.60533
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: libxine
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: libxine CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0486 BugTraq ID: 27441 http://www.securityfocus.com/bid/27441 Bugtraq: 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability (Google Search) http://www.securityfocus.com/archive/1/487501/100/0/threaded Debian Security Information: DSA-1496 (Google Search) http://www.debian.org/security/2008/dsa-1496 Debian Security Information: DSA-1536 (Google Search) http://www.debian.org/security/2008/dsa-1536 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.html http://security.gentoo.org/glsa/glsa-200802-12.xml http://security.gentoo.org/glsa/glsa-200803-16.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:045 http://www.mandriva.com/security/advisories?name=MDVSA-2008:046 http://www.coresecurity.com/?action=item&id=2103 http://secunia.com/advisories/28779 http://secunia.com/advisories/28801 http://secunia.com/advisories/28918 http://secunia.com/advisories/28955 http://secunia.com/advisories/28956 http://secunia.com/advisories/28989 http://secunia.com/advisories/29141 http://secunia.com/advisories/29307 http://secunia.com/advisories/29323 http://secunia.com/advisories/29601 http://secunia.com/advisories/31393 http://securityreason.com/securityalert/3608 SuSE Security Announcement: SUSE-SR:2008:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://www.ubuntu.com/usn/usn-635-1 http://www.vupen.com/english/advisories/2008/0406/references http://www.vupen.com/english/advisories/2008/0421
Copyright	Copyright (C) 2008 E-Soft Inc.