Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:298 (xine-lib)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66245

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2009:298 (xine-lib)

Resumen: The remote host is missing an update to xine-lib;announced via advisory MDVSA-2009:298.

Descripción: Summary:
The remote host is missing an update to xine-lib
announced via advisory MDVSA-2009:298.

Vulnerability Insight:
Vulnerabilities have been discovered and corrected in xine-lib:

- xine-lib before 1.1.15 allows remote attackers to cause a denial
of service (crash) via mp3 files with metadata consisting only of
separators (CVE-2008-5248)

- Integer overflow in the qt_error parse_trak_atom function in
demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote
attackers to execute arbitrary code via a Quicktime movie file with a
large count value in an STTS atom, which triggers a heap-based buffer
overflow (CVE-2009-1274)

- Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c)
in xine-lib 1.1.16.1 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a 4X movie
file with a large current_track value, a similar issue to CVE-2009-0385
(CVE-2009-0698)

This update fixes these issues.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5248
BugTraq ID: 32505
http://www.securityfocus.com/bid/32505
http://www.mandriva.com/security/advisories?name=MDVSA-2009:298
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-1274
BugTraq ID: 34384
http://www.securityfocus.com/bid/34384
Bugtraq: 20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow (Google Search)
http://www.securityfocus.com/archive/1/502481/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:299
http://www.trapkit.de/advisories/TKADV2009-005.txt
http://osvdb.org/53288
http://www.securitytracker.com/id?1021989
http://secunia.com/advisories/34593
http://secunia.com/advisories/34712
http://secunia.com/advisories/35416
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.vupen.com/english/advisories/2009/0937
XForce ISS Database: xinelib-demuxqt-bo(49714)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49714
Common Vulnerability Exposure (CVE) ID: CVE-2009-0385
BugTraq ID: 33502
http://www.securityfocus.com/bid/33502
Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/500514/100/0/threaded
Debian Security Information: DSA-1781 (Google Search)
http://www.debian.org/security/2009/dsa-1781
Debian Security Information: DSA-1782 (Google Search)
http://www.debian.org/security/2009/dsa-1782
http://security.gentoo.org/glsa/glsa-200903-33.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:297
http://www.trapkit.de/advisories/TKADV2009-004.txt
http://osvdb.org/51643
http://secunia.com/advisories/33711
http://secunia.com/advisories/34296
http://secunia.com/advisories/34385
http://secunia.com/advisories/34845
http://secunia.com/advisories/34905
http://www.ubuntu.com/usn/USN-734-1
http://www.vupen.com/english/advisories/2009/0277
XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48330
Common Vulnerability Exposure (CVE) ID: CVE-2009-0698
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-746-1
XForce ISS Database: xinelib-4xmdemuxer-code-execution(48954)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48954

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66245
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:298 (xine-lib)
Resumen:	The remote host is missing an update to xine-lib;announced via advisory MDVSA-2009:298.
Descripción:	Summary: The remote host is missing an update to xine-lib announced via advisory MDVSA-2009:298. Vulnerability Insight: Vulnerabilities have been discovered and corrected in xine-lib: - xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via mp3 files with metadata consisting only of separators (CVE-2008-5248) - Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow (CVE-2009-1274) - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385 (CVE-2009-0698) This update fixes these issues. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5248 BugTraq ID: 32505 http://www.securityfocus.com/bid/32505 http://www.mandriva.com/security/advisories?name=MDVSA-2009:298 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2009-1274 BugTraq ID: 34384 http://www.securityfocus.com/bid/34384 Bugtraq: 20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/502481/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:299 http://www.trapkit.de/advisories/TKADV2009-005.txt http://osvdb.org/53288 http://www.securitytracker.com/id?1021989 http://secunia.com/advisories/34593 http://secunia.com/advisories/34712 http://secunia.com/advisories/35416 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/0937 XForce ISS Database: xinelib-demuxqt-bo(49714) https://exchange.xforce.ibmcloud.com/vulnerabilities/49714 Common Vulnerability Exposure (CVE) ID: CVE-2009-0385 BugTraq ID: 33502 http://www.securityfocus.com/bid/33502 Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search) http://www.securityfocus.com/archive/1/500514/100/0/threaded Debian Security Information: DSA-1781 (Google Search) http://www.debian.org/security/2009/dsa-1781 Debian Security Information: DSA-1782 (Google Search) http://www.debian.org/security/2009/dsa-1782 http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 http://www.trapkit.de/advisories/TKADV2009-004.txt http://osvdb.org/51643 http://secunia.com/advisories/33711 http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://secunia.com/advisories/34845 http://secunia.com/advisories/34905 http://www.ubuntu.com/usn/USN-734-1 http://www.vupen.com/english/advisories/2009/0277 XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330) https://exchange.xforce.ibmcloud.com/vulnerabilities/48330 Common Vulnerability Exposure (CVE) ID: CVE-2009-0698 SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.ubuntu.com/usn/USN-746-1 XForce ISS Database: xinelib-4xmdemuxer-code-execution(48954) https://exchange.xforce.ibmcloud.com/vulnerabilities/48954
Copyright	Copyright (C) 2009 E-Soft Inc.