
Test ID: 1.3.6.1.4.1.25623.1.0.56997
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2006:108 (xine-lib)
Summary: NOSUMMARY
Description:

The remote host is missing an update to xine-lib
announced via advisory MDKSA-2006:108.

A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib
1.1.1 allows remote attackers to cause a denial of service (application
crash) via a long reply from an HTTP server, as demonstrated using gxine
0.5.6. (CVE-2006-2802)

In addition, a possible buffer overflow exists in the AVI demuxer,
similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release
of xine-lib does not have this issue.

The updated packages have been patched to correct these issues.

Affected: 10.2, 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:108

Risk factor: High

CVSS Score: 5.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2802
BugTraq ID: 18187
http://www.securityfocus.com/bid/18187
Debian Security Information: DSA-1105
http://www.debian.org/security/2006/dsa-1105
https://www.exploit-db.com/exploits/1852
http://security.gentoo.org/glsa/glsa-200609-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:108
http://www.osvdb.org/25936
http://secunia.com/advisories/20369
http://secunia.com/advisories/20549
http://secunia.com/advisories/20766
http://secunia.com/advisories/20828
http://secunia.com/advisories/20942
http://secunia.com/advisories/21919
SuSE Security Announcement: SUSE-SR:2006:014
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
https://usn.ubuntu.com/295-1/
XForce ISS Database: xinelib-xinepluginphttp-bo(26972)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26972
Common Vulnerability Exposure (CVE) ID: CVE-2006-1502
BugTraq ID: 17295
http://www.securityfocus.com/bid/17295
Bugtraq: 20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows
http://www.securityfocus.com/archive/1/429251/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html
http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:068
http://www.xfocus.org/advisories/200603/11.html
http://www.osvdb.org/24246
http://www.osvdb.org/24247
http://securitytracker.com/id?1015842
http://secunia.com/advisories/19418
http://secunia.com/advisories/19565
http://secunia.com/advisories/19919
http://securityreason.com/securityalert/532
http://securityreason.com/securityalert/647
http://www.vupen.com/english/advisories/2006/1156
XForce ISS Database: mplayer-asfheader-integer-overflow(25513)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25513
XForce ISS Database: mplayer-aviheader-integer-overflow(25514)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25514
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
