USN-635-1: xine-lib vulnerabilities

Posted: 08-06-2008

Referenced CVEs:
CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686, CVE-2008-1878


Description:
===========================================================
Ubuntu Security Notice USN-635-1                August 06, 2008
xine-lib vulnerabilities
CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486,
CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686,
CVE-2008-1878
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxine-dev                     1.1.1+ubuntu2-7.9
  libxine-main1                   1.1.1+ubuntu2-7.9

Ubuntu 7.04:
  libxine-main1                   1.1.4-2ubuntu3.1

Ubuntu 7.10:
  libxine1                        1.1.7-1ubuntu1.3

Ubuntu 8.04 LTS:
  libxine1                        1.1.11.1-1ubuntu3.1

After a standard system upgrade you need to restart applications
linked against xine-lib to effect the necessary changes.

Details follow:

Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)

Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0225, CVE-2008-0238)

Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked into opening a crafted FLAC file, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0486)

It was discovered that the ASF demuxer in xine-lib did not properly
check the length of the ASF header. If a user or automated system
were tricked into opening a crafted ASF file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2008-1110)

It was discovered that the Matroska demuxer in xine-lib did not
properly verify frame sizes. If xine-lib opened a crafted ASF file,
a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-1161)

Luigi Auriemma discovered multiple integer overflows in xine-lib. If
a user or automated system were tricked into opening a crafted FLV,
MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-1482)

It was discovered that xine-lib did not properly validate its input
when processing Speex file headers. If a user or automated system
were tricked into opening a specially crafted Speex file, an
attacker could create a denial of service or possibly execute
arbitrary code as the user invoking the program. (CVE-2008-1686)

Guido Landi discovered a stack-based buffer overflow in xine-lib
when processing NSF files. If xine-lib opened a specially crafted
NSF file with a long NSF title, an attacker could create a denial of
service or possibly execute arbitrary code as the user invoking the
program. (CVE-2008-1878)
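The advisory gives two remediation steps: upgrade to the listed package versions, then restart every application still linked against the old xine-lib. The script below is an added example (not Ubuntu's or xine's own code) that automates both checks. It compares installed versions against the fixed versions from the advisory using the dpkg version-ordering rules (epoch, then upstream version, then Debian revision, with `~` sorting before everything), and it flags processes whose `/proc/<pid>/maps` still reference a libxine object marked `(deleted)`, which is what the kernel shows once the upgrade has replaced the library file that a running process still has mapped. The `dpkg-query` output and the maps entries embedded at the bottom are constructed sample data; the library path and soname in them are assumptions for illustration.

```python
"""USN-635-1 follow-up: are the xine-lib packages at the fixed version, and
which running processes still map the replaced library and need a restart?
Version ordering follows the dpkg algorithm (Debian Policy, section 5.6.12)."""
import os
import re

# Fixed package versions exactly as listed in USN-635-1, keyed by release.
FIXED = {
    "6.06": {"libxine-dev": "1.1.1+ubuntu2-7.9",
             "libxine-main1": "1.1.1+ubuntu2-7.9"},
    "7.04": {"libxine-main1": "1.1.4-2ubuntu3.1"},
    "7.10": {"libxine1": "1.1.7-1ubuntu1.3"},
    "8.04": {"libxine1": "1.1.11.1-1ubuntu3.1"},
}


def _order(c):
    """dpkg ordering of a non-digit character: '~' sorts before end-of-string
    (which is 0), letters sort before every other character."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare an upstream-version or revision string the way dpkg does:
    alternate a non-digit run (char by char) with a digit run (numerically)."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i]) if i < len(na) else 0
            ob = _order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def split_version(v):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1 as Debian version a is lower than, equal to or higher than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def parse_dpkg_query(text):
    # Parses the output of:  dpkg-query -W -f '${Package} ${Version}\n'
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())


def vulnerable_packages(release, installed):
    """(package, installed, fixed) for every advisory package still below the fix."""
    return [(pkg, installed[pkg], fixed)
            for pkg, fixed in FIXED[release].items()
            if pkg in installed and compare_versions(installed[pkg], fixed) < 0]


def processes_to_restart(maps_by_pid):
    """PIDs whose maps still hold a libxine object marked '(deleted)': the upgrade
    replaced the file on disk, but the process runs the old code until restarted."""
    return sorted(pid for pid, text in maps_by_pid.items()
                  if any("libxine" in ln and ln.rstrip().endswith("(deleted)")
                         for ln in text.splitlines()))


def read_proc_maps():
    """Live collection of /proc/<pid>/maps for every process we are allowed to read."""
    out = {}
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                with open(f"/proc/{name}/maps") as f:
                    out[int(name)] = f.read()
            except OSError:
                pass  # process exited or is not ours to inspect
    return out


# Constructed sample data, not captured from a real host (library path assumed).
SAMPLE_DPKG = "libxine1 1.1.11.1-1ubuntu3\nlibxine-dev 1.1.11.1-1ubuntu3\n"
SAMPLE_MAPS = {
    1234: "b7c00000-b7e00000 r-xp 00000000 08:01 1001 /usr/lib/libxine.so.1\n",
    2345: "b7c00000-b7e00000 r-xp 00000000 08:01 1002 /usr/lib/libxine.so.1 (deleted)\n",
    3456: "b7f00000-b7f20000 r-xp 00000000 08:01 2001 /lib/libc.so.6 (deleted)\n",
}

if __name__ == "__main__":
    for pkg, cur, fixed in vulnerable_packages("8.04", parse_dpkg_query(SAMPLE_DPKG)):
        print(f"{pkg}: installed {cur} is below fixed {fixed}")
    print("processes still mapping the old xine-lib:", processes_to_restart(SAMPLE_MAPS))
```

On a real host, feed `parse_dpkg_query` the output of `dpkg-query -W -f '${Package} ${Version}\n' 'libxine*'` and `processes_to_restart` the result of `read_proc_maps()` (run as root to see other users' processes). Note that a process mapping the library without the `(deleted)` marker is not necessarily safe: if the package has not been upgraded yet, it is running the vulnerable code from a file that is still current, which is why the package check comes first.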