Vulnerability Bulletins

int(1301)

Vulnerability Bulletins

Múltiples vulnerabilidades en xine-lib
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	xine-lib
Description
Se han descubierto múltiples vulnerabilidades en xine-lib: - CAN-2004-1187: Una vulnerabilidad en la función pnm_get_chunk() podría provocar una situación de desbordamiento de búfer. - CAN-2004-1188: Una vulnerabilidad de desbordamiento de entero en la función pnm_get_chunk(). - CAN-2004-1300: Una vulnerabilidad de desbordamiento de búfer en la implementación del soporte para ficheros AIFF. La explotación de estas vulnerabilidades podría permitir a un atacante remoto provocar la ejecución de código arbitrario mediante un archivo especialmente diseñado que la víctima debe intentar abrir con un software vulnerable.
Solution
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software xine-lib Parches http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21&diff_format=u http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/libreal/real.c?r1=1.19&r2=1.20&diff_format=u http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/demuxers/demux_aiff.c?r1=1.39&r2=1.40&diff_format=u Mandrake Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libxine1-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libxine1-devel-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-aa-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-arts-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-dxr3-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-esd-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-flac-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/xine-plugins-1-0.rc3.6.3.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/xine-lib-1-0.rc3.6.3.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xine-aa-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xine-arts-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xine-esd-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xine-flac-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.3.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.3.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libxine1-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libxine1-devel-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-aa-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-arts-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-dxr3-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-esd-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-flac-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/xine-plugins-1-0.rc5.9.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/xine-lib-1-0.rc5.9.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64xine1-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64xine1-devel-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-aa-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-arts-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-dxr3-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-esd-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-flac-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/xine-plugins-1-0.rc5.9.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/xine-lib-1-0.rc5.9.1.101mdk.src.rpm SuSE Linux Distribuciones basadas en SuSE Linux - Actualizar mediante YaST Online Update
Standar resources
Property	Value
CVE	CAN-2004-1187 CAN-2004-1188 CAN-2004-1300
BID
Other resources
xine security announcement XSA-2004-6 http://xinehq.de/index.php/security/XSA-2004-6 xine security announcement XSA-2004-7 http://xinehq.de/index.php/security/XSA-2004-7 SUSE Security Summary Report SUSE-SR:2005:002 http://www.novell.com/linux/security/advisories/2005_02_sr.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-01-24
1.1	Aviso emitido por SuSE (SUSE-SR:2005:002)	2005-01-28

Vulnerability Bulletins

Múltiples vulnerabilidades en xine-lib

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history