微慑信息网

CVE-2008-1161-漏洞详情

CVE-2008-1161
CVSS 9.3
发布时间 :2008-03-10 18:44:00
修订时间 :2008-09-10 21:06:55
NMCOPS    

[原文]Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.


[CNNVD]xine-lib Matroska Demuxer ‘demuxers/demux_matroska.c’ 缓冲区溢出漏洞(CNNVD-200803-105)

        Xine是Linux系统下播放VCD/DVD的程序。


        xine-lib 1.1.10.1-前的版本下的Matroska demuxer (demuxers/demux_matroska.c)中的缓冲区溢出漏洞,远程攻击者借助带有无效的帧尺寸的Matroska文件,引起拒绝服务攻击(崩溃)以及可能执行任意代码。


CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]


CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用


OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:7757 DSA-1536 xine-lib — several vulnerabilities
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1161

(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1161

(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-105

(官方数据源) CNNVD


其它链接及资源

http://xforce.iss.net/xforce/xfdb/41172


(UNKNOWN)  XF  xinelib-demuxer-bo(41172)
http://www.ubuntu.com/usn/usn-635-1


(UNKNOWN)  UBUNTU  USN-635-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178


(UNKNOWN)  MANDRIVA  MDVSA-2008:178
http://secunia.com/advisories/31393


(UNKNOWN)  SECUNIA  31393
http://secunia.com/advisories/29323


(VENDOR_ADVISORY)  SECUNIA  29323
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html


(UNKNOWN)  SUSE  SUSE-SR:2008:006
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb


(UNKNOWN)  CONFIRM  http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb
http://www.securityfocus.com/bid/28543


(UNKNOWN)  BID  28543
http://www.debian.org/security/2008/dsa-1536


(UNKNOWN)  DEBIAN  DSA-1536
http://secunia.com/advisories/29601


(UNKNOWN)  SECUNIA  29601


漏洞信息

xine-lib Matroska Demuxer ‘demuxers/demux_matroska.c’ 缓冲区溢出漏洞
高危 缓冲区溢出
2008-03-10 00:00:00 2008-09-11 00:00:00
远程  
        Xine是Linux系统下播放VCD/DVD的程序。


        xine-lib 1.1.10.1-前的版本下的Matroska demuxer (demuxers/demux_matroska.c)中的缓冲区溢出漏洞,远程攻击者借助带有无效的帧尺寸的Matroska文件,引起拒绝服务攻击(崩溃)以及可能执行任意代码。


公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:


        Ubuntu Ubuntu Linux 7.10 powerpc


        Ubuntu libxine-dev_1.1.7-1ubuntu1.3_all.deb


        http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.7-1ubuntu1.3_all.deb


漏洞信息 (F69310)

Mandriva Linux Security Advisory 2008-178 (PacketStormID:F69310)

2008-08-22 00:00:00
Mandriva  mandriva.com

advisory,remote,denial of service,overflow,arbitrary

linux,mandriva

CVE-2008-0073,CVE-2008-1110,CVE-2008-1161,CVE-2008-1482,CVE-2008-1878

[点击下载]

Mandriva Linux Security Advisory – Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:178
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xine-lib
 Date    : August 20, 2008
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 Alin Rad Pop found an array index vulnerability in the SDP parser
 of xine-lib.  If a user or automated system were tricked into opening
 a malicious RTSP stream, a remote attacker could possibly execute
 arbitrary code with the privileges of the user using the program
 (CVE-2008-0073).
 
 The ASF demuxer in xine-lib did not properly check the length of
 ASF headers.  If a user was tricked into opening a crafted ASF file,
 a remote attacker could possibly cause a denial of service or execute
 arbitrary code with the privileges of the user using the program
 (CVE-2008-1110).
 
 The Matroska demuxer in xine-lib did not properly verify frame sizes,
 which could possibly lead to the execution of arbitrary code if a
 user opened a crafted ASF file (CVE-2008-1161).
 
 Luigi Auriemma found multiple integer overflows in xine-lib.  If a
 user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or
 CAK file, a remote attacker could possibly execute arbitrary code
 with the privileges of the user using the program (CVE-2008-1482).
 
 Guido Landi found A stack-based buffer overflow in xine-lib
 that could allow a remote attacker to cause a denial of service
 (crash) and potentially execute arbitrary code via a long NSF title
 (CVE-2008-1878).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1161
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 6aa7eae08e4878a56216c21d2895d38a  2008.0/i586/libxine1-1.1.8-4.7mdv2008.0.i586.rpm
 e7f1553bf63778f25d9fbf730d5b120c  2008.0/i586/libxine-devel-1.1.8-4.7mdv2008.0.i586.rpm
 75e68e91207e014f287b93cdd664a073  2008.0/i586/xine-aa-1.1.8-4.7mdv2008.0.i586.rpm
 accb9c34f5046451b66142bdd6a21706  2008.0/i586/xine-caca-1.1.8-4.7mdv2008.0.i586.rpm
 0e4198ff66564f160945bd8a73932482  2008.0/i586/xine-dxr3-1.1.8-4.7mdv2008.0.i586.rpm
 44853bc05ede93786675969cdfd2b009  2008.0/i586/xine-esd-1.1.8-4.7mdv2008.0.i586.rpm
 833f7be8ad722fde7dcae24633914556  2008.0/i586/xine-flac-1.1.8-4.7mdv2008.0.i586.rpm
 ee032b270eb9bd4a639ed9f011be8965  2008.0/i586/xine-gnomevfs-1.1.8-4.7mdv2008.0.i586.rpm
 cc9adb7d0af33e3b8bcc067c6c62d57d  2008.0/i586/xine-image-1.1.8-4.7mdv2008.0.i586.rpm
 020e8b3d47d6e1d29fa0ec4d48d6c6fd  2008.0/i586/xine-jack-1.1.8-4.7mdv2008.0.i586.rpm
 e927b440649d60abc0ab86dbba263af9  2008.0/i586/xine-plugins-1.1.8-4.7mdv2008.0.i586.rpm
 613c9490440b26a3734a447b73bddf67  2008.0/i586/xine-pulse-1.1.8-4.7mdv2008.0.i586.rpm
 ca31b8372982abf3ca3736116e91435f  2008.0/i586/xine-sdl-1.1.8-4.7mdv2008.0.i586.rpm
 3d7cdb0be5abf9432dcfa6b69decec9c  2008.0/i586/xine-smb-1.1.8-4.7mdv2008.0.i586.rpm 
 36aea6a4873e1f868ddf08c4d7eefe02  2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 1f58d28dfaa98b7eccf058752e41631c  2008.0/x86_64/lib64xine1-1.1.8-4.7mdv2008.0.x86_64.rpm
 150013536fe38899fcdad61c704cab5c  2008.0/x86_64/lib64xine-devel-1.1.8-4.7mdv2008.0.x86_64.rpm
 67471aea2b6f46ae6850199b85f1bba0  2008.0/x86_64/xine-aa-1.1.8-4.7mdv2008.0.x86_64.rpm
 b2178ce163ff3351685f7b94bef06069  2008.0/x86_64/xine-caca-1.1.8-4.7mdv2008.0.x86_64.rpm
 fdda01f542e4ecdfd51d2fc695eae8ca  2008.0/x86_64/xine-dxr3-1.1.8-4.7mdv2008.0.x86_64.rpm
 03faa97b40b0eb24c5934b1764378324  2008.0/x86_64/xine-esd-1.1.8-4.7mdv2008.0.x86_64.rpm
 4af8a886dbbb412b3c3820d354f889f2  2008.0/x86_64/xine-flac-1.1.8-4.7mdv2008.0.x86_64.rpm
 ce33c99a46cba4ac745af5d5b4bb399d  2008.0/x86_64/xine-gnomevfs-1.1.8-4.7mdv2008.0.x86_64.rpm
 512b93a5a0c602358c911f07dffcdae1  2008.0/x86_64/xine-image-1.1.8-4.7mdv2008.0.x86_64.rpm
 6c8233325169f39d9d753abd604a4bcf  2008.0/x86_64/xine-jack-1.1.8-4.7mdv2008.0.x86_64.rpm
 5a0afda6905461d13a21ac7fd8b27eee  2008.0/x86_64/xine-plugins-1.1.8-4.7mdv2008.0.x86_64.rpm
 66cf6873a4013533e7bb2ef664ae9830  2008.0/x86_64/xine-pulse-1.1.8-4.7mdv2008.0.x86_64.rpm
 8166bc1bc60957cabfc2038adf10f4df  2008.0/x86_64/xine-sdl-1.1.8-4.7mdv2008.0.x86_64.rpm
 6f5708f3d355a95b307158996d28bfea  2008.0/x86_64/xine-smb-1.1.8-4.7mdv2008.0.x86_64.rpm 
 36aea6a4873e1f868ddf08c4d7eefe02  2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrNO7mqjQ0CJFipgRAh9LAKDa9dFv2EbViWSeaRMGAgCLvuQgnwCdFaTZ
hdkD/jCzs0mcRZEISstBXwk=
=9Hc3
-----END PGP SIGNATURE-----
    


漏洞信息 (F68876)

Ubuntu Security Notice 635-1 (PacketStormID:F68876)

2008-08-06 00:00:00
Ubuntu  security.ubuntu.com

advisory,arbitrary,vulnerability,code execution

linux,ubuntu

CVE-2008-0073,CVE-2008-0225,CVE-2008-0238,CVE-2008-0486,CVE-2008-1110,CVE-2008-1161,CVE-2008-1482,CVE-2008-1686,CVE-2008-1878

[点击下载]

Ubuntu Security Notice 635-1 – Many xine-lib arbitrary code execution vulnerabilities have been addressed in Ubuntu.

=========================================================== 
Ubuntu Security Notice USN-635-1            August 06, 2008
xine-lib vulnerabilities
CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486,
CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686,
CVE-2008-1878
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libxine-main1                   1.1.1+ubuntu2-7.9

Ubuntu 7.04:
  libxine-main1                   1.1.4-2ubuntu3.1

Ubuntu 7.10:
  libxine1                        1.1.7-1ubuntu1.3

Ubuntu 8.04 LTS:
  libxine1                        1.1.11.1-1ubuntu3.1

After a standard system upgrade you need to restart applications
linked against xine-lib to effect the necessary changes.

Details follow:

Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)

Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0225, CVE-2008-0238)

Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked into opening a crafted FLAC file, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0486)

It was discovered that the ASF demuxer in xine-lib did not properly
check the length if the ASF header. If a user or automated system
were tricked into opening a crafted ASF file, a remote attacker
could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2008-1110)

It was discovered that the Matroska demuxer in xine-lib did not
properly verify frame sizes. If xine-lib opened a crafted ASF file,
a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-1161)

Luigi Auriemma discovered multiple integer overflows in xine-lib. If
a user or automated system were tricked into opening a crafted FLV,
MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-1482)

It was discovered that xine-lib did not properly validate its input
when processing Speex file headers. If a user or automated system
were tricked into opening a specially crafted Speex file, an
attacker could create a denial of service or possibly execute
arbitrary code as the user invoking the program. (CVE-2008-1686)

Guido Landi discovered a stack-based buffer overflow in xine-lib
when processing NSF files. If xine-lib opened a specially crafted
NSF file with a long NSF title, an attacker could create a denial of
service or possibly execute arbitrary code as the user invoking the
program. (CVE-2008-1878)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.9.diff.gz
      Size/MD5:    25244 c709cf6894d6425dd46e8f132615573c
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.9.dsc
      Size/MD5:     1113 f70db346860ad8541f3681154e9bf3bc
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz
      Size/MD5:  6099365 5d0f3988e4d95f6af6f3caf2130ee992

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_amd64.deb
      Size/MD5:   116324 84bb0ee2f6090e64162ff2f2a0f020f1
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_amd64.deb
      Size/MD5:  2616066 1a99049356180801943cf96c0263fe28

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_i386.deb
      Size/MD5:   116320 6dc097583c9ad936b94ced44a8616c27
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_i386.deb
      Size/MD5:  2935352 acfa8daaf8ea120c1beadc1926eaf08d

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_powerpc.deb
      Size/MD5:   116334 c35db71e1841640f35b6eb7010baf3d3
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_powerpc.deb
      Size/MD5:  2726444 0d578184c6e857aca6d0ccccbdf97f2a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_sparc.deb
      Size/MD5:   116340 c0c39eb2bfe2a4068528bd73c4892fcb
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_sparc.deb
      Size/MD5:  2592618 89d889a9c3c508c1f122511a9536f7c2

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.4-2ubuntu3.1.diff.gz
      Size/MD5:    29541 2d48096e5edf630f163bed209cd659d7
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.4-2ubuntu3.1.dsc
      Size/MD5:     1254 9ec066aadcf80896ac8a12dc47f65519
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.4.orig.tar.gz
      Size/MD5:  8603909 6631bf12e1e9bfc740797e0c56f46be6

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/multiverse/x/xine-lib/libxine-extracodecs_1.1.4-2ubuntu3.1_all.deb
      Size/MD5:    39972 046548cee566f6aec89620f7eafa2158
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine-main1_1.1.4-2ubuntu3.1_all.deb
      Size/MD5:    39954 9f170fb6984ace5fb4d8c9177339eb9f
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.4-2ubuntu3.1_all.deb
      Size/MD5:    40194 08c8015241168c9fec32ec46239557db

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:   298136 fb5abad09abcc593744754079b14121d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:  3029478 68dd8f4ae60b3b4eea78e213938e638d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:    44050 fb7af09d494a0cc5a9c7f261b9f9fd89
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:  2360482 a9b1699dcc18f5fb2d365606c92535f2
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:    63488 8540a5888532db21c323ffb1da0197e5
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:  1514284 792330b42bb37a7437602bbc77b8a21d
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_amd64.deb
      Size/MD5:    52252 7b277738898bcd2bd40d2f44b169e666

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:   298150 972096a11bcd4d2e4cb3c3b42dca97ae
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:  3152580 73fcf7ca9f7e9e33fe1fee1f12ff69cb
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:    43746 d05ffa7e690edcaf0b420335fbbf4f0b
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:  2473672 eb93260e20582c906a9eb6e160c4d314
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:    64758 9bf75b87685522d576c5f3d044f12694
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:  1571704 2b35810bd99b9b94c2c4c132e2f72d64
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_i386.deb
      Size/MD5:    52164 4a0304e4b51b4b7dbb7ebd374939db95

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:   298132 cb62b3c1089933a5a5dae8486e034351
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:  3090286 a5a28d21478b714c8a4f894014deb7e1
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:    46230 d239dcb2866e7a8e7afff9560708593f
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:  2569192 2e09ee9de137d21d02bdfec9262f86da
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:    66296 6b94869dbbee03381677ed6a99e52435
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:  1526458 b012304ddcec0cc7826b857777cdbfb8
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_powerpc.deb
      Size/MD5:    57316 39f635ce70bc2a05754b8f74688f7022

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:   298136 b643d9a7330bfae7a7f4e5a6447af199
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:  2801530 0d36866dfedad41744bf7b39b5c2cb30
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:    43772 bee313cddae10e44c9f1b11f546bf229
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:  2339948 2a5834f91e5ff089b31503d64d8fa56f
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:    60004 272ae4956a69e49bf8d4cc42a20fd236
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:  1560720 4c8dc63d4a7612f1a02b5ab15dac6864
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_sparc.deb
      Size/MD5:    52084 e4d5b0924a01bed2b4abbfda2d1cacf4

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.7-1ubuntu1.3.diff.gz
      Size/MD5:    27784 435a101ffb894716eecd071f5939dbaf
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.7-1ubuntu1.3.dsc
      Size/MD5:     1607 06af830d473dd8e4b04e6b9ee784b9e6
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.7.orig.tar.gz
      Size/MD5:  8868650 a613a3adf44b5098e04842250dbd2251

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.7-1ubuntu1.3_all.deb
      Size/MD5:   320886 d114061f1b5d852c0cc87544777688be
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-doc_1.1.7-1ubuntu1.3_all.deb
      Size/MD5:   125992 8c5035155b647ce7e670c10d9e6f90e3
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.7-1ubuntu1.3_all.deb
      Size/MD5:    44762 67724629576a3e71c06b4c70abdc4905

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_amd64.deb
      Size/MD5:  3139966 bf87a04d32dbe428beab47af85bd7380
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_amd64.deb
      Size/MD5:  2382002 86b07e8bf31ec1cafe9c40e27e993084
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_amd64.deb
      Size/MD5:    78426 1fd31997b0a930bf18cd98084b3bafce
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_amd64.deb
      Size/MD5:   445200 7cce13fee53be6dcb3e20a7b8d144cb6
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_amd64.deb
      Size/MD5:    59296 7cb8fe644e5919dd8a1e567d95429237

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_i386.deb
      Size/MD5:  3269686 7dfe3085034a5df0b84d39d527066257
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_i386.deb
      Size/MD5:  2490502 a02077abd97985a4a1ec76f4f1cb7232
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_i386.deb
      Size/MD5:    79342 12cb1b67ff7f707bea1f221d78be2fb4
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_i386.deb
      Size/MD5:   446502 26856c3a255125cba5eb850dcbe6b70d
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_i386.deb
      Size/MD5:    58806 41b73db30c0497f4b524116b03c137e6

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_lpia.deb
      Size/MD5:  3049478 4e5bfc35c67103a98132643fdcb53bca
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_lpia.deb
      Size/MD5:  2363212 c99a12f536abdb2e735205b7435619b6
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_lpia.deb
      Size/MD5:    78420 42bb7f916d7cb1ea6e4dad65aecd79a1
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_lpia.deb
      Size/MD5:   444696 4ecb5410df0c524dd288f60ae3478985
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_lpia.deb
      Size/MD5:    58674 c06871fcadba77a3bececcddc57e178b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_powerpc.deb
      Size/MD5:  3186752 f87ab41b6445057e4a6ee7c562c23a7a
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_powerpc.deb
      Size/MD5:  2583712 ca3ce19217abfbf521d706b6b7970155
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_powerpc.deb
      Size/MD5:    83148 1c9bd779b40a88b2746379fa087b0142
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_powerpc.deb
      Size/MD5:   477848 2d6e95998d82fa719a378784e5eac821
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_powerpc.deb
      Size/MD5:    65296 4fbf4cfa6bb9ad2821ca05e66f94cd30

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_sparc.deb
      Size/MD5:  2858646 a9b393ba169ca85c2ab788dcee36909d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_sparc.deb
      Size/MD5:  2351408 f3db946bc67f6847746ba50a96da39ce
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_sparc.deb
      Size/MD5:    74320 748da95afa87e6f9d74a2efdf6fde9a3
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_sparc.deb
      Size/MD5:   453450 0f56c6e1658b0042f0c27da93d21a583
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_sparc.deb
      Size/MD5:    58868 18c9981211d5660402bcfef86d949b7c

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.11.1-1ubuntu3.1.diff.gz
      Size/MD5:    48299 9fcc3809569e6ba09101a9f5a936c5f0
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.11.1-1ubuntu3.1.dsc
      Size/MD5:     1867 9e2d7ecfa9581208ca352a7ccc6ddd68
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.11.1.orig.tar.gz
      Size/MD5:  9056527 08f6d8ed03d98ec43a5ee1386ce83a00

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-doc_1.1.11.1-1ubuntu3.1_all.deb
      Size/MD5:   141726 cdf14069c770dbc97103107d85662d4c
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-all-plugins_1.1.11.1-1ubuntu3.1_all.deb
      Size/MD5:    51972 8a3744a44be18a577345bebf730dd41b
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.11.1-1ubuntu3.1_all.deb
      Size/MD5:    51958 6bd4bbf922cb1908fc42b22ea0b1a45c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:   326908 74a4c0652f892a10f0a84b973054c9e0
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:  1219992 7b51803254bf6fa801c5dfce9853b34e
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:    58114 d54407fbcd75fb060d0ca9f2a6df8a4d
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:  3957520 bbca1c33b0a2bdeb2ac2813c0b937f46
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:   939452 bbaf9959c4c451df8863e4e02a695fa2
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:   207578 dac6c3b616fd949a49872811d999c2cb
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:     1310 a6d72287e1c41f41cb00117d1fce97df
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:   394852 80734e87080e7e1745de43ca9f5a3972
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_amd64.deb
      Size/MD5:    15336 ce53f8d14a50f855a355ce8c0cf5e8e2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:   326892 54ec711c7595194026b08ab33d055c56
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:  1327966 25e01a3662b5b450fb2aa93f92ff83d2
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:    58108 97be8610709156d1999cc6138b666507
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:  4049554 1741c377edf8eee68db15e30cf658fa4
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:   927236 7c99672689c0695b0f12141a7e9dd065
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:   203452 f8fae04ac5a8b6f1b6d5cf5ee14fe57f
    http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:     1316 7561523b41ce407c7d33cfe5f5c3264d
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:   397678 4850f098a825220d592f49624cfcbaba
    http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_i386.deb
      Size/MD5:    14710 42f2ac1949591762d9abf6a938934638

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:   326900 0c3aac26a82156c26ed7056012dd53f8
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:  1214152 399d31857cc4b03ef4eb62cbd6d75389
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:    58348 4395271b7fc56bd7e197cc5d650ad133
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:  3792624 fd75eb026979e8410c55fdc9741be0cd
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:   927018 e5ed0c69767e7ef6f111648ef2f9f6f2
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:   203668 b3c3c6ede672556d1f7507c26b71cbff
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:     1314 d8cb2c5cd9a584aa54970c4cbd754a0b
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:   397504 169f96ace2ff50ea986921a38f4a3cc5
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_lpia.deb
      Size/MD5:    14768 acbef6a6ef708a3367ec744e40885b44

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:   326916 ac1f51d2b3536729e270172e112f99b9
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:  1226998 185654bca917da89a4fdd5b661b093b1
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:    61302 068beafd328edab526eb3b66586b00c8
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:  3985756 292cfac6f79d64b84f064c96f90126c9
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:  1124358 e18a293fab38001767571b0d1627a9dd
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:   218352 8cda68f380fe22d9ded44a7a0c4b78fa
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:     1316 733af800ad9b472ca573fa66574342c2
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:   426932 05c4a7157c7c1fb9e9c79f098f9b0ece
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_powerpc.deb
      Size/MD5:    21516 c1590ca1aae92c52ecdbe845fb74dedf

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:   326924 9c4036e955602e29a7b92ab8838f3d09
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:  1210868 eda98d2aa5c57a467648dec0f8e44ebe
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:    48608 6f98c13c2456fe85b6847fdc5af7c5ee
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:  3595714 233f25bc320a3fd636144cacdbdab984
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:   943186 61d8ea0aa8ced899fbfef8664f9283cb
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:   176208 a4f8907556c48180ed3ef33dd26ef031
    http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:     1312 3c61a2d623df5fc0aab974bf68310f30
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:   403464 f598723e1a1f9cd5389cf315c5d5ae18
    http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_sparc.deb
      Size/MD5:    14594 d39a7503b13ccd49dd0829de0752c0a1


    


漏洞信息 (F65079)

Debian Linux Security Advisory 1536-1 (PacketStormID:F65079)

2008-04-02 00:00:00
Debian  debian.org

advisory,denial of service,arbitrary,local,vulnerability,code execution

linux,debian

CVE-2007-1246,CVE-2007-1387,CVE-2008-0073,CVE-2008-0486,CVE-2008-1161

[点击下载]

Debian Security Advisory 1536-1 – Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1536-1                  [email protected]
http://www.debian.org/security/                          Thijs Kinkhorst
March 31, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xine-lib
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486
                 CVE-2008-1161 
Debian Bug     : 464696

Several local vulnerabilities have been discovered in Xine, a
media player library, allowed for a denial of service or arbitrary code
execution, which could be exploited through viewing malicious content.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-1246 / CVE-2007-1387

    The DMO_VideoDecoder_Open function does not set the biSize before use in a
    memcpy, which allows user-assisted remote attackers to cause a buffer overflow
    and possibly execute arbitrary code (applies to sarge only).

CVE-2008-0073

    Array index error in the sdpplin_parse function allows remote RTSP servers
    to execute arbitrary code via a large streamid SDP parameter.

CVE-2008-0486

    Array index vulnerability in libmpdemux/demux_audio.c might allow remote
    attackers to execute arbitrary code via a crafted FLAC tag, which triggers
    a buffer overflow (applies to etch only).

CVE-2008-1161

    Buffer overflow in the Matroska demuxer allows remote attackers to cause a
    denial of service (crash) and possibly execute arbitrary code via a Matroska
    file with invalid frame sizes.


For the stable distribution (etch), these problems have been fixed in version
1.1.2+dfsg-6.

For the old stable distribution (sarge), these problems have been fixed in
version 1.0.1-1sarge7.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.11-1.


We recommend that you upgrade your xine-lib package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.diff.gz
    Size/MD5 checksum:     7327 f025acfa0e41de184799393ea9a54e0a
  http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
    Size/MD5 checksum:  7774954 9be804b337c6c3a2e202c5a7237cb0f8
  http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.dsc
    Size/MD5 checksum:     1400 e3390f1650e0a1744f1cf81ce2ac30b9

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_alpha.deb
    Size/MD5 checksum:   109754 7b340023aa1b1c5bfe45b4b526a4fa6c
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_alpha.deb
    Size/MD5 checksum:  4848602 31bb864f2c3dd19f0f7784ec0e2ff06d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_amd64.deb
    Size/MD5 checksum:   108232 b63b13967d16548548b69363a3a49f51
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_amd64.deb
    Size/MD5 checksum:  3934420 08f952ab238388604ca889207f15cacf

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_arm.deb
    Size/MD5 checksum:  3909916 82a6de1aa1262bcd80fb73438442b5e6
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_arm.deb
    Size/MD5 checksum:   109454 937b3a480028d81fd21717bd330c48a4

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_hppa.deb
    Size/MD5 checksum:  3617652 0ab0c31bceb15b693eeab8a1be842d81
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_hppa.deb
    Size/MD5 checksum:   109682 140b39b4f188c7b5d5762482a1487e91

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_i386.deb
    Size/MD5 checksum:   107842 36c35bdbcdafb36c96052c67915d3e83
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_i386.deb
    Size/MD5 checksum:  4206034 2f670ca7711c7621e92ce6ff47f89128

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_ia64.deb
    Size/MD5 checksum:   108224 f5894b6e2a742713e305f0ae448f46b8
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_ia64.deb
    Size/MD5 checksum:  5622238 e956948854e8333957a45679e3f1ca75

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_m68k.deb
    Size/MD5 checksum:   108336 60e727a36d3f5bb0c961240ebfc7504e
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_m68k.deb
    Size/MD5 checksum:  3176142 feccde602d192b462c146f5731a13a0f

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mips.deb
    Size/MD5 checksum:  4091032 9f999ef7a57a9b0a860e06b146c5bf1a
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mips.deb
    Size/MD5 checksum:   110384 3fc17b89430ed3c84a3f144ed22b9fb0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mipsel.deb
    Size/MD5 checksum:  4126650 bbeecc6ce5709f5e7d21ee198cae076e
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mipsel.deb
    Size/MD5 checksum:   108234 cddeda4e920f778b2549de5fdaf40c07

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_powerpc.deb
    Size/MD5 checksum:   108250 3370e7a1e7efc80ef348cc265c5c35f3
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_powerpc.deb
    Size/MD5 checksum:  4306536 f62ca73d63fccd4b49d3ac2fb23345ca

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_s390.deb
    Size/MD5 checksum:  3881906 6fed320fac7a9d73ca2a6b8191967ec9
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_s390.deb
    Size/MD5 checksum:   108210 eb7f718923695c69594fa768af371815

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_sparc.deb
    Size/MD5 checksum:   108244 5f8edb59c5625822e314a65e1f606b34
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_sparc.deb
    Size/MD5 checksum:  4361586 7e4fe726b38796ac92e72dccf3de263c


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.dsc
    Size/MD5 checksum:     1877 318b9a5c7e265ceecd379c1bf78cc59d
  http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
    Size/MD5 checksum:  6716994 ae6525a76280a6e1979c3f4f89fd00f3
  http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.diff.gz
    Size/MD5 checksum:    23720 41569cc160815132939b2700db086b97

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_alpha.deb
    Size/MD5 checksum:  3671136 121d4c4f366ead1efe2e51f442a01925
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_alpha.deb
    Size/MD5 checksum:  3415068 c4c828f603c98ae9c196d62ae55fc067
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_alpha.deb
    Size/MD5 checksum:   118364 fd21e7568f52042d7b5fa90bedb86175

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_amd64.deb
    Size/MD5 checksum:   117242 ba9ab3b1f580ee330b4648a6e19189bc
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_amd64.deb
    Size/MD5 checksum:  3659052 c4d7e60c377627b0ab13e9d6a3a104c7
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_amd64.deb
    Size/MD5 checksum:  3048320 7f2b4fc1c76ff16a0b2ec9c568c56dd0

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_arm.deb
    Size/MD5 checksum:  2668018 7cf2fd0b431bdf32d3daed3b02144cdf
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_arm.deb
    Size/MD5 checksum:   118582 87e83a8ed3872efca0f6c3c95ba0050b
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_arm.deb
    Size/MD5 checksum:  2958562 b16adcf345bd2dbc0f8c3ac21b7d6e3b

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_hppa.deb
    Size/MD5 checksum:  2693766 0cfdb3fa5d216045eedde26f1412b3a6
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_hppa.deb
    Size/MD5 checksum:  3219780 d38636b531e0e0396452f45a14e554c2
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_hppa.deb
    Size/MD5 checksum:   119608 2b8a9ebea2a5037a666f8f2e086dbf17

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_i386.deb
    Size/MD5 checksum:  3966468 68d095257a9674e8a27fc6a148cc6d5d
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_i386.deb
    Size/MD5 checksum:  3349368 2381a282eb893d3e76eef69cc84479eb
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_i386.deb
    Size/MD5 checksum:   117232 66690a0765f0093dff0526b85faf0322

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_ia64.deb
    Size/MD5 checksum:  3764630 d132f9ef4697f2c1a79054ced0309a7f
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_ia64.deb
    Size/MD5 checksum:   117166 852e09242638daad38bbbc3ae239c9a8
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_ia64.deb
    Size/MD5 checksum:  2684364 35d53a480f2d70eb171009873fbc490e

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mips.deb
    Size/MD5 checksum:   119198 54129191862d2b613901399fedad7ade
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mips.deb
    Size/MD5 checksum:  3035424 2c7d9278440527980b2c8b4e07b4c961
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mips.deb
    Size/MD5 checksum:  2844004 430a6d794aee0cce2f807329166f8a9a

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mipsel.deb
    Size/MD5 checksum:   117194 af4c9978178f97bafd92b66d48ab4427
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mipsel.deb
    Size/MD5 checksum:  3016652 5c2d3287ca0b782d5f14fa38fe9fea6f
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mipsel.deb
    Size/MD5 checksum:  2788460 032171f0e18822b961d4f8b8350c82f9

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_powerpc.deb
    Size/MD5 checksum:  3209288 c144f257184eab9fb24326bd2216a87e
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_powerpc.deb
    Size/MD5 checksum:   117204 0f6c2509636f5b94f9e0859a9d588dc2
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_powerpc.deb
    Size/MD5 checksum:  3719086 4cec9416f1f449abfdf874bcc9e9ef57

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_s390.deb
    Size/MD5 checksum:  2718672 dcfb54adcaf89425c83c3a32799d06dd
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_s390.deb
    Size/MD5 checksum:   117170 405f873efab3ae50acd27eb3802c6fa8
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_s390.deb
    Size/MD5 checksum:  3171836 486dfcf6a50e8562cc36163ae9a6ae7d

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_sparc.deb
    Size/MD5 checksum:  3368898 e7a09bb2b060da52f9d5a51479186748
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_sparc.deb
    Size/MD5 checksum:  3024748 be3f7a4b8fa8da203c4b72bfb0830e22
  http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_sparc.deb
    Size/MD5 checksum:   117202 fb2c1a027f3cb3eeaf76cd0a6cfb74e6


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR/FOPGz0hbPcukPfAQK/lgf+JxF7qakE5AyWuqYnuZPFh20jS9Gy6GHf
x3KOpQOU/be86fkfaPqD7qvc4MFg7X4kHu3WzADW82Vc2etJZHCdva+NJbKWMr13
6kW40+Zqe16JAdXdJAqnkuWD6zWbC/8L2iBXtl6ERfMLH9B/tesD8wmuJ/L5HwZo
vqb4LmMGZxDIuzsx70pgRFjlPhsGrISkF8xNeLmXGFXVjMu53cKWoG/44cf5gI8F
wCHXLDOa418hNww7oLrzKcmGFh7iIbj9uAWs4t94kEcCZ+003QfziwSxfd1sqRwk
SNQ9iTkNW8z94406CycLStNzRzb2pOZQoARa3yqz174ym9nn+iBeCw==
=u9pL
-----END PGP SIGNATURE-----
    


漏洞信息


43119
xine-lib Matroska Demuxer demuxers/demux_matroska.c Frame Size Handling Remote Overflow

Remote / Network Access

Input Manipulation
Loss of Integrity
Vendor Verified


漏洞描述


时间线


2008-02-04

Unknow
Unknow Unknow


解决方案

本文标题:CVE-2008-1161-漏洞详情
本文链接:
(转载请附上本文链接)
http://vulsee.com/archives/vulsee_2019/0713_2925.html
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2008-1161-漏洞详情
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

微慑信息网 专注工匠精神

访问我们联系我们