|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-358-1 (xine-lib)|
|Summary:||Ubuntu USN-358-1 (xine-lib)|
The remote host is missing an update to xine-lib
announced via advisory USN-358-1.
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not
correctly validate certain headers. By tricking a user into playing an AVI
with malicious headers, an attacker could execute arbitrary code with the
target user's privileges. (CVE-2006-4799)
Multiple integer overflows were discovered in ffmpeg and tools that contain a
copy of ffmpeg (like xine-lib and kino), for several types of video formats.
By tricking a user into running a video player that uses ffmpeg on a stream
with malicious content, an attacker could execute arbitrary code with the
target user's privileges. (CVE-2006-4800)
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
Risk factor : High
Common Vulnerabilities and Exposures (CVE) ID: CVE-2006-4799
Debian Security Information: DSA-1215
SuSE Security Announcement: SUSE-SA:2006:073
Common Vulnerabilities and Exposures (CVE) ID: CVE-2006-4800
BugTraq ID: 20009
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|