Ubuntu Local Security Checks : Ubuntu USN-295-1 (xine-lib)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.57040

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-295-1 (xine-lib)

Summary: Ubuntu USN-295-1 (xine-lib)

Description:
The remote host is missing an update to xine-lib
announced via advisory USN-295-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking an user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libxine1 1.0-1ubuntu3.7

Ubuntu 5.10:
libxine1c2 1.0.1-1ubuntu10.3

Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-295-1

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2802
http://milw0rm.com/exploits/1852
Debian Security Information: DSA-1105 (Google Search)
http://www.debian.org/security/2006/dsa-1105
http://security.gentoo.org/glsa/glsa-200609-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:108
SuSE Security Announcement: SUSE-SR:2006:014 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://www.ubuntulinux.org/support/documentation/usn/usn-295-1
BugTraq ID: 18187
http://www.securityfocus.com/bid/18187
http://www.osvdb.org/25936
http://secunia.com/advisories/20369
http://secunia.com/advisories/20549
http://secunia.com/advisories/20766
http://secunia.com/advisories/20828
http://secunia.com/advisories/20942
http://secunia.com/advisories/21919
XForce ISS Database: xinelib-xinepluginphttp-bo(26972)
http://xforce.iss.net/xforce/xfdb/26972

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.57040
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-295-1 (xine-lib)
Summary:	Ubuntu USN-295-1 (xine-lib)
Description:	The remote host is missing an update to xine-lib announced via advisory USN-295-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user's privileges. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libxine1 1.0-1ubuntu3.7 Ubuntu 5.10: libxine1c2 1.0.1-1ubuntu10.3 Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.1 In general, a standard system upgrade is sufficient to effect the necessary changes. XXX OR XXX After a standard system upgrade you need to reboot your computer to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-295-1 Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2802 http://milw0rm.com/exploits/1852 Debian Security Information: DSA-1105 (Google Search) http://www.debian.org/security/2006/dsa-1105 http://security.gentoo.org/glsa/glsa-200609-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:108 SuSE Security Announcement: SUSE-SR:2006:014 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html http://www.ubuntulinux.org/support/documentation/usn/usn-295-1 BugTraq ID: 18187 http://www.securityfocus.com/bid/18187 http://www.osvdb.org/25936 http://secunia.com/advisories/20369 http://secunia.com/advisories/20549 http://secunia.com/advisories/20766 http://secunia.com/advisories/20828 http://secunia.com/advisories/20942 http://secunia.com/advisories/21919 XForce ISS Database: xinelib-xinepluginphttp-bo(26972) http://xforce.iss.net/xforce/xfdb/26972
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com