
Test ID: 1.3.6.1.4.1.25623.1.0.64143
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-763-1 (xine-lib)
Summary: Ubuntu USN-763-1 (xine-lib)
Description: The remote host is missing an update to xine-lib
announced via advisory USN-763-1.

Details follow:

It was discovered that the QT demuxer in xine-lib did not correctly handle
a large count value in an STTS atom, resulting in a heap-based buffer
overflow. If a user or automated system were tricked into opening a
specially crafted MOV file, an attacker could execute arbitrary code as the
user invoking the program. (CVE-2009-1274)

USN-746-1 provided updated xine-lib packages to fix multiple security
vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete.
This update corrects the problem.

Original advisory details:
It was discovered that the 4xm demuxer in xine-lib did not correctly
handle a large current_track value in a 4xm file, resulting in an integer
overflow. If a user or automated system were tricked into opening a
specially crafted 4xm movie file, an attacker could crash xine-lib or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-0698)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.12

Ubuntu 8.04 LTS:
libxine1 1.1.11.1-1ubuntu3.4

Ubuntu 8.10:
libxine1 1.1.15-0ubuntu3.3

After a standard system upgrade you need to restart applications linked
against xine-lib, such as Totem-xine and Amarok, to effect the necessary
changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-763-1
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-0698
Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability
http://www.securityfocus.com/archive/1/archive/1/500514/100/0/threaded
http://www.trapkit.de/advisories/TKADV2009-004.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2009:298
http://www.mandriva.com/security/advisories?name=MDVSA-2009:299
SuSE Security Announcement: SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-746-1
XForce ISS Database: xinelib-4xmdemuxer-code-execution(48954)
http://xforce.iss.net/xforce/xfdb/48954
Common Vulnerability Exposure (CVE) ID: CVE-2009-1274
Bugtraq: 20090404 [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow
http://www.securityfocus.com/archive/1/archive/1/502481/100/0/threaded
http://www.trapkit.de/advisories/TKADV2009-005.txt
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html
SuSE Security Announcement: SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
BugTraq ID: 34384
http://www.securityfocus.com/bid/34384
http://osvdb.org/53288
http://www.securitytracker.com/id?1021989
http://secunia.com/advisories/34593
http://secunia.com/advisories/34712
http://secunia.com/advisories/35416
http://www.vupen.com/english/advisories/2009/0937
XForce ISS Database: xinelib-demuxqt-bo(49714)
http://xforce.iss.net/xforce/xfdb/49714
Common Vulnerability Exposure (CVE) ID: CVE-2009-0991
Cert/CC Advisory: TA09-105A
http://www.us-cert.gov/cas/techalerts/TA09-105A.html
BugTraq ID: 34461
http://www.securityfocus.com/bid/34461
http://osvdb.org/53737
http://www.securitytracker.com/id?1022052
http://secunia.com/advisories/34693
XForce ISS Database: oracledatabase-tnslistener-dos(50026)
http://xforce.iss.net/xforce/xfdb/50026
Common Vulnerability Exposure (CVE) ID: CVE-2009-1357
Bugtraq: 20090421 CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator
http://www.securityfocus.com/archive/1/archive/1/502863/100/0/threaded
http://www.coresecurity.com/content/sun-delegated-administrator
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255928-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020305.1-1
BugTraq ID: 34643
http://www.securityfocus.com/bid/34643
http://osvdb.org/53920
http://securitytracker.com/id?1022108
http://secunia.com/advisories/34760
http://www.vupen.com/english/advisories/2009/1122
XForce ISS Database: sjs-delegated-login-response-splitting(50004)
http://xforce.iss.net/xforce/xfdb/50004
Common Vulnerability Exposure (CVE) ID: CVE-2009-1301
http://sourceforge.net/mailarchive/message.php?msg_name=20090405211856.41696433%40sunscreen.local
http://www.gentoo.org/security/en/glsa/glsa-200904-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:093
BugTraq ID: 34381
http://www.securityfocus.com/bid/34381
http://secunia.com/advisories/34587
http://secunia.com/advisories/34748
http://www.vupen.com/english/advisories/2009/0936
Common Vulnerability Exposure (CVE) ID: CVE-2009-0664
Debian Security Information: DSA-1778
http://www.debian.org/security/2009/dsa-1778
BugTraq ID: 34677
http://www.securityfocus.com/bid/34677
http://osvdb.org/53891
http://osvdb.org/53892
http://secunia.com/advisories/34789
http://secunia.com/advisories/34871
Common Vulnerability Exposure (CVE) ID: CVE-2008-3963
http://www.openwall.com/lists/oss-security/2008/09/09/4
http://www.openwall.com/lists/oss-security/2008/09/09/7
Debian Security Information: DSA-1783
http://www.debian.org/security/2009/dsa-1783
http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-1289.html
SuSE Security Announcement: SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://www.ubuntu.com/usn/USN-671-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521
http://secunia.com/advisories/34907
http://secunia.com/advisories/32769
http://secunia.com/advisories/36566
http://www.vupen.com/english/advisories/2008/2554
http://www.securitytracker.com/id?1020858
http://secunia.com/advisories/31769
http://secunia.com/advisories/32759
XForce ISS Database: mysql-bitstring-dos(45042)
http://xforce.iss.net/xforce/xfdb/45042
Common Vulnerability Exposure (CVE) ID: CVE-2008-2079
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Debian Security Information: DSA-1608
http://www.debian.org/security/2008/dsa-1608
http://www.mandriva.com/security/advisories?name=MDVSA-2008:149
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0510.html
http://www.redhat.com/support/errata/RHSA-2008-0768.html
SuSE Security Announcement: SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
BugTraq ID: 29106
http://www.securityfocus.com/bid/29106
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10133
http://secunia.com/advisories/36701
http://www.vupen.com/english/advisories/2008/1472/references
http://www.vupen.com/english/advisories/2008/2780
http://www.securitytracker.com/id?1019995
http://secunia.com/advisories/30134
http://secunia.com/advisories/31066
http://secunia.com/advisories/31226
http://secunia.com/advisories/31687
http://secunia.com/advisories/32222
XForce ISS Database: mysql-myisam-security-bypass(42267)
http://xforce.iss.net/xforce/xfdb/42267
Common Vulnerability Exposure (CVE) ID: CVE-2008-4097
http://www.openwall.com/lists/oss-security/2008/09/09/20
http://www.openwall.com/lists/oss-security/2008/09/16/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
XForce ISS Database: mysql-myisam-symlinks-security-bypass(45648)
http://xforce.iss.net/xforce/xfdb/45648
Common Vulnerability Exposure (CVE) ID: CVE-2008-4098
Debian Security Information: DSA-1662
http://www.debian.org/security/2008/dsa-1662
http://www.redhat.com/support/errata/RHSA-2010-0110.html
http://ubuntu.com/usn/usn-897-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10591
http://secunia.com/advisories/38517
http://secunia.com/advisories/32578
XForce ISS Database: mysql-myisam-symlink-security-bypass(45649)
http://xforce.iss.net/xforce/xfdb/45649
Common Vulnerability Exposure (CVE) ID: CVE-2008-4456
Bugtraq: 20080930 MySQL command-line client HTML injection vulnerability
http://www.securityfocus.com/archive/1/archive/1/496842/100/0/threaded
Bugtraq: 20080930 RE: MySQL command-line client HTML injection vulnerability
http://www.securityfocus.com/archive/1/archive/1/496877/100/0/threaded
Bugtraq: 20081004 RE: RE: MySQL command-line client HTML injection vulnerability
http://seclists.org/bugtraq/2008/Oct/0026.html
Bugtraq: 20081029 Re: MySQL command-line client HTML injection vulnerability
http://www.securityfocus.com/archive/1/archive/1/497158/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/497885/100/0/threaded
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 31486
http://www.securityfocus.com/bid/31486
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11456
http://secunia.com/advisories/32072
http://securityreason.com/securityalert/4357
XForce ISS Database: mysql-commandline-xss(45590)
http://xforce.iss.net/xforce/xfdb/45590
Common Vulnerability Exposure (CVE) ID: CVE-2009-0652
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
Debian Security Information: DSA-1797
http://www.debian.org/security/2009/dsa-1797
Debian Security Information: DSA-1830
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.redhat.com/support/errata/RHSA-2009-0436.html
RedHat Security Advisories: RHSA-2009:0437
http://rhn.redhat.com/errata/RHSA-2009-0437.html
SuSE Security Announcement: SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.ubuntulinux.org/support/documentation/usn/usn-764-1
BugTraq ID: 33837
http://www.securityfocus.com/bid/33837
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11396
http://secunia.com/advisories/34096
http://secunia.com/advisories/34894
http://secunia.com/advisories/34843
http://secunia.com/advisories/34844
http://secunia.com/advisories/35065
http://secunia.com/advisories/35042
http://www.vupen.com/english/advisories/2009/1125
XForce ISS Database: mozilla-firefox-homoglyph-spoofing(48974)
http://xforce.iss.net/xforce/xfdb/48974
Common Vulnerability Exposure (CVE) ID: CVE-2009-1302
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
BugTraq ID: 34656
http://www.securityfocus.com/bid/34656
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10106
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5527
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6070
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6170
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7030
http://www.securitytracker.com/id?1022090
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/35602
Common Vulnerability Exposure (CVE) ID: CVE-2009-1303
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.ubuntu.com/usn/usn-782-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5810
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5992
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6151
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6646
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9455
http://secunia.com/advisories/35536
Common Vulnerability Exposure (CVE) ID: CVE-2009-1304
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5319
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5480
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6015
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7516
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9535
Common Vulnerability Exposure (CVE) ID: CVE-2009-1305
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10110
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6090
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6232
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6248
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6921
Common Vulnerability Exposure (CVE) ID: CVE-2009-1306
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10150
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6021
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6194
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6312
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6710
http://www.securitytracker.com/id?1022095
Common Vulnerability Exposure (CVE) ID: CVE-2009-1307
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10972
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5933
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6154
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6266
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7008
http://www.securitytracker.com/id?1022093
http://secunia.com/advisories/35561
http://secunia.com/advisories/35882
Common Vulnerability Exposure (CVE) ID: CVE-2009-1308
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10428
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6173
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6185
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6296
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7285
http://www.securitytracker.com/id?1022097
Common Vulnerability Exposure (CVE) ID: CVE-2009-1309
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5265
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5591
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6139
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6831
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9494
http://www.securitytracker.com/id?1022094
Common Vulnerability Exposure (CVE) ID: CVE-2009-1310
Debian Security Information: DSA-1886
http://www.debian.org/security/2009/dsa-1886
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11520
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6242
http://secunia.com/advisories/36757
Common Vulnerability Exposure (CVE) ID: CVE-2009-1311
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10939
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6200
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6222
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7235
Common Vulnerability Exposure (CVE) ID: CVE-2009-1312
Bugtraq: 20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
http://www.securityfocus.com/archive/1/archive/1/504718/100/0/threaded
Bugtraq: 20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
http://www.securityfocus.com/archive/1/archive/1/504723/100/0/threaded
http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/
http://websecurity.com.ua/3275/
http://websecurity.com.ua/3386/
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6064
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6131
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6731
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9818
http://www.securitytracker.com/id?1022096
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
