Test ID:	1.3.6.1.4.1.25623.1.0.58230
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2007-109-02)
Summary:	The remote host is missing an update for the 'xine-lib' package(s) announced via the SSA:2007-109-02 advisory.
Description:	Summary: The remote host is missing an update for the 'xine-lib' package(s) announced via the SSA:2007-109-02 advisory. Vulnerability Insight: New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ Upgraded to xine-lib-1.1.6. This fixes overflows in xine-lib in some little-used media formats in xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in xine-lib < 1.1.5 could definitely cause an application using xine-lib to crash, and it is theorized that a malicious media file could be made to run arbitrary code in the context of the user running the application. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'xine-lib' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1246 BugTraq ID: 22771 http://www.securityfocus.com/bid/22771 Bugtraq: 20070423 FLEA-2007-0013-1: xine-lib (Google Search) http://www.securityfocus.com/archive/1/466691/30/6900/threaded Debian Security Information: DSA-1536 (Google Search) http://www.debian.org/security/2008/dsa-1536 http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html http://security.gentoo.org/glsa/glsa-200704-09.xml http://security.gentoo.org/glsa/glsa-200705-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:055 http://www.mandriva.com/security/advisories?name=MDKSA-2007:057 http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204 http://secunia.com/advisories/24443 http://secunia.com/advisories/24444 http://secunia.com/advisories/24446 http://secunia.com/advisories/24448 http://secunia.com/advisories/24462 http://secunia.com/advisories/24866 http://secunia.com/advisories/24897 http://secunia.com/advisories/24995 http://secunia.com/advisories/25462 http://secunia.com/advisories/29601 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449141 SuSE Security Announcement: SUSE-SR:2007:005 (Google Search) http://www.novell.com/linux/security/advisories/2007_5_sr.html SuSE Security Announcement: SUSE-SR:2007:007 (Google Search) http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.ubuntu.com/usn/usn-433-1 http://www.vupen.com/english/advisories/2007/0794 XForce ISS Database: mplayer-dmovideodecoder-bo(32747) https://exchange.xforce.ibmcloud.com/vulnerabilities/32747
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.