CVE-2008-1161 |
|
发布时间 :2008-03-10 18:44:00 | ||
修订时间 :2008-09-10 21:06:55 | ||||
NMCOPS |
[原文]Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
[CNNVD]xine-lib Matroska Demuxer ‘demuxers/demux_matroska.c’ 缓冲区溢出漏洞(CNNVD-200803-105)
Xine是Linux系统下播放VCD/DVD的程序。
xine-lib 1.1.10.1-前的版本下的Matroska demuxer (demuxers/demux_matroska.c)中的缓冲区溢出漏洞,远程攻击者借助带有无效的帧尺寸的Matroska文件,引起拒绝服务攻击(崩溃)以及可能执行任意代码。
–
CVSS (基础分值)
CVSS分值: | 9.3 | [严重(HIGH)] |
机密性影响: | COMPLETE | [完全的信息泄露导致所有系统文件暴露] |
完整性影响: | COMPLETE | [系统完整性可被完全破坏] |
可用性影响: | COMPLETE | [可能导致系统完全宕机] |
攻击复杂度: | MEDIUM | [漏洞利用存在一定的访问条件] |
攻击向量: | NETWORK | [攻击者不需要获取内网访问权或本地访问权] |
身份认证: | NONE | [漏洞利用无需身份认证] |
–
CWE (弱点类目)
CWE-119 | [内存缓冲区边界内操作的限制不恰当] |
–
CPE (受影响的平台与产品)
产品及版本信息(CPE)暂不可用 |
–
OVAL (用于检测的技术细节)
oval:org.mitre.oval:def:7757 | DSA-1536 xine-lib — several vulnerabilities |
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。 |
–
官方数据库链接
–
其它链接及资源
http://xforce.iss.net/xforce/xfdb/41172 (UNKNOWN) XF xinelib-demuxer-bo(41172) |
http://www.ubuntu.com/usn/usn-635-1 (UNKNOWN) UBUNTU USN-635-1 |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 (UNKNOWN) MANDRIVA MDVSA-2008:178 |
http://secunia.com/advisories/31393 (UNKNOWN) SECUNIA 31393 |
http://secunia.com/advisories/29323 (VENDOR_ADVISORY) SECUNIA 29323 |
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html (UNKNOWN) SUSE SUSE-SR:2008:006 |
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb (UNKNOWN) CONFIRM http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb |
http://www.securityfocus.com/bid/28543 (UNKNOWN) BID 28543 |
http://www.debian.org/security/2008/dsa-1536 (UNKNOWN) DEBIAN DSA-1536 |
http://secunia.com/advisories/29601 (UNKNOWN) SECUNIA 29601 |
–
漏洞信息
xine-lib Matroska Demuxer ‘demuxers/demux_matroska.c’ 缓冲区溢出漏洞 | |
高危 | 缓冲区溢出 |
2008-03-10 00:00:00 | 2008-09-11 00:00:00 |
远程 | |
Xine是Linux系统下播放VCD/DVD的程序。 xine-lib 1.1.10.1-前的版本下的Matroska demuxer (demuxers/demux_matroska.c)中的缓冲区溢出漏洞,远程攻击者借助带有无效的帧尺寸的Matroska文件,引起拒绝服务攻击(崩溃)以及可能执行任意代码。 |
–
公告与补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu libxine-dev_1.1.7-1ubuntu1.3_all.deb http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.7-1ubuntu1.3_all.deb |
–
漏洞信息 (F69310)
Mandriva Linux Security Advisory 2008-178 (PacketStormID:F69310) |
2008-08-22 00:00:00 |
Mandriva mandriva.com |
advisory,remote,denial of service,overflow,arbitrary |
linux,mandriva |
CVE-2008-0073,CVE-2008-1110,CVE-2008-1161,CVE-2008-1482,CVE-2008-1878 |
[点击下载] |
Mandriva Linux Security Advisory – Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue. |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:178 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xine-lib Date : August 20, 2008 Affected: 2008.0 _______________________________________________________________________ Problem Description: Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-0073). The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program (CVE-2008-1110). The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file (CVE-2008-1161). Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-1482). Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6aa7eae08e4878a56216c21d2895d38a 2008.0/i586/libxine1-1.1.8-4.7mdv2008.0.i586.rpm e7f1553bf63778f25d9fbf730d5b120c 2008.0/i586/libxine-devel-1.1.8-4.7mdv2008.0.i586.rpm 75e68e91207e014f287b93cdd664a073 2008.0/i586/xine-aa-1.1.8-4.7mdv2008.0.i586.rpm accb9c34f5046451b66142bdd6a21706 2008.0/i586/xine-caca-1.1.8-4.7mdv2008.0.i586.rpm 0e4198ff66564f160945bd8a73932482 2008.0/i586/xine-dxr3-1.1.8-4.7mdv2008.0.i586.rpm 44853bc05ede93786675969cdfd2b009 2008.0/i586/xine-esd-1.1.8-4.7mdv2008.0.i586.rpm 833f7be8ad722fde7dcae24633914556 2008.0/i586/xine-flac-1.1.8-4.7mdv2008.0.i586.rpm ee032b270eb9bd4a639ed9f011be8965 2008.0/i586/xine-gnomevfs-1.1.8-4.7mdv2008.0.i586.rpm cc9adb7d0af33e3b8bcc067c6c62d57d 2008.0/i586/xine-image-1.1.8-4.7mdv2008.0.i586.rpm 020e8b3d47d6e1d29fa0ec4d48d6c6fd 2008.0/i586/xine-jack-1.1.8-4.7mdv2008.0.i586.rpm e927b440649d60abc0ab86dbba263af9 2008.0/i586/xine-plugins-1.1.8-4.7mdv2008.0.i586.rpm 613c9490440b26a3734a447b73bddf67 2008.0/i586/xine-pulse-1.1.8-4.7mdv2008.0.i586.rpm ca31b8372982abf3ca3736116e91435f 2008.0/i586/xine-sdl-1.1.8-4.7mdv2008.0.i586.rpm 3d7cdb0be5abf9432dcfa6b69decec9c 2008.0/i586/xine-smb-1.1.8-4.7mdv2008.0.i586.rpm 36aea6a4873e1f868ddf08c4d7eefe02 2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 1f58d28dfaa98b7eccf058752e41631c 2008.0/x86_64/lib64xine1-1.1.8-4.7mdv2008.0.x86_64.rpm 150013536fe38899fcdad61c704cab5c 2008.0/x86_64/lib64xine-devel-1.1.8-4.7mdv2008.0.x86_64.rpm 67471aea2b6f46ae6850199b85f1bba0 2008.0/x86_64/xine-aa-1.1.8-4.7mdv2008.0.x86_64.rpm b2178ce163ff3351685f7b94bef06069 2008.0/x86_64/xine-caca-1.1.8-4.7mdv2008.0.x86_64.rpm fdda01f542e4ecdfd51d2fc695eae8ca 2008.0/x86_64/xine-dxr3-1.1.8-4.7mdv2008.0.x86_64.rpm 03faa97b40b0eb24c5934b1764378324 2008.0/x86_64/xine-esd-1.1.8-4.7mdv2008.0.x86_64.rpm 4af8a886dbbb412b3c3820d354f889f2 2008.0/x86_64/xine-flac-1.1.8-4.7mdv2008.0.x86_64.rpm ce33c99a46cba4ac745af5d5b4bb399d 2008.0/x86_64/xine-gnomevfs-1.1.8-4.7mdv2008.0.x86_64.rpm 512b93a5a0c602358c911f07dffcdae1 2008.0/x86_64/xine-image-1.1.8-4.7mdv2008.0.x86_64.rpm 6c8233325169f39d9d753abd604a4bcf 2008.0/x86_64/xine-jack-1.1.8-4.7mdv2008.0.x86_64.rpm 5a0afda6905461d13a21ac7fd8b27eee 2008.0/x86_64/xine-plugins-1.1.8-4.7mdv2008.0.x86_64.rpm 66cf6873a4013533e7bb2ef664ae9830 2008.0/x86_64/xine-pulse-1.1.8-4.7mdv2008.0.x86_64.rpm 8166bc1bc60957cabfc2038adf10f4df 2008.0/x86_64/xine-sdl-1.1.8-4.7mdv2008.0.x86_64.rpm 6f5708f3d355a95b307158996d28bfea 2008.0/x86_64/xine-smb-1.1.8-4.7mdv2008.0.x86_64.rpm 36aea6a4873e1f868ddf08c4d7eefe02 2008.0/SRPMS/xine-lib-1.1.8-4.7mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIrNO7mqjQ0CJFipgRAh9LAKDa9dFv2EbViWSeaRMGAgCLvuQgnwCdFaTZ hdkD/jCzs0mcRZEISstBXwk= =9Hc3 -----END PGP SIGNATURE-----
–
漏洞信息 (F68876)
Ubuntu Security Notice 635-1 (PacketStormID:F68876) |
2008-08-06 00:00:00 |
Ubuntu security.ubuntu.com |
advisory,arbitrary,vulnerability,code execution |
linux,ubuntu |
CVE-2008-0073,CVE-2008-0225,CVE-2008-0238,CVE-2008-0486,CVE-2008-1110,CVE-2008-1161,CVE-2008-1482,CVE-2008-1686,CVE-2008-1878 |
[点击下载] |
Ubuntu Security Notice 635-1 – Many xine-lib arbitrary code execution vulnerabilities have been addressed in Ubuntu. |
=========================================================== Ubuntu Security Notice USN-635-1 August 06, 2008 xine-lib vulnerabilities CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686, CVE-2008-1878 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.9 Ubuntu 7.04: libxine-main1 1.1.4-2ubuntu3.1 Ubuntu 7.10: libxine1 1.1.7-1ubuntu1.3 Ubuntu 8.04 LTS: libxine1 1.1.11.1-1ubuntu3.1 After a standard system upgrade you need to restart applications linked against xine-lib to effect the necessary changes. Details follow: Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0073) Luigi Auriemma discovered that xine-lib did not properly check buffer sizes in the RTSP header-handling code. If xine-lib opened an RTSP stream with crafted SDP attributes, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0225, CVE-2008-0238) Damian Frizza and Alfredo Ortega discovered that xine-lib did not properly validate FLAC tags. If a user or automated system were tricked into opening a crafted FLAC file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0486) It was discovered that the ASF demuxer in xine-lib did not properly check the length if the ASF header. If a user or automated system were tricked into opening a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1110) It was discovered that the Matroska demuxer in xine-lib did not properly verify frame sizes. If xine-lib opened a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1161) Luigi Auriemma discovered multiple integer overflows in xine-lib. If a user or automated system were tricked into opening a crafted FLV, MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1482) It was discovered that xine-lib did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1686) Guido Landi discovered a stack-based buffer overflow in xine-lib when processing NSF files. If xine-lib opened a specially crafted NSF file with a long NSF title, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1878) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.9.diff.gz Size/MD5: 25244 c709cf6894d6425dd46e8f132615573c http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2-7.9.dsc Size/MD5: 1113 f70db346860ad8541f3681154e9bf3bc http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.1+ubuntu2.orig.tar.gz Size/MD5: 6099365 5d0f3988e4d95f6af6f3caf2130ee992 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_amd64.deb Size/MD5: 116324 84bb0ee2f6090e64162ff2f2a0f020f1 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_amd64.deb Size/MD5: 2616066 1a99049356180801943cf96c0263fe28 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_i386.deb Size/MD5: 116320 6dc097583c9ad936b94ced44a8616c27 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_i386.deb Size/MD5: 2935352 acfa8daaf8ea120c1beadc1926eaf08d powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_powerpc.deb Size/MD5: 116334 c35db71e1841640f35b6eb7010baf3d3 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_powerpc.deb Size/MD5: 2726444 0d578184c6e857aca6d0ccccbdf97f2a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.1+ubuntu2-7.9_sparc.deb Size/MD5: 116340 c0c39eb2bfe2a4068528bd73c4892fcb http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-main1_1.1.1+ubuntu2-7.9_sparc.deb Size/MD5: 2592618 89d889a9c3c508c1f122511a9536f7c2 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.4-2ubuntu3.1.diff.gz Size/MD5: 29541 2d48096e5edf630f163bed209cd659d7 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.4-2ubuntu3.1.dsc Size/MD5: 1254 9ec066aadcf80896ac8a12dc47f65519 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.4.orig.tar.gz Size/MD5: 8603909 6631bf12e1e9bfc740797e0c56f46be6 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/multiverse/x/xine-lib/libxine-extracodecs_1.1.4-2ubuntu3.1_all.deb Size/MD5: 39972 046548cee566f6aec89620f7eafa2158 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine-main1_1.1.4-2ubuntu3.1_all.deb Size/MD5: 39954 9f170fb6984ace5fb4d8c9177339eb9f http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.4-2ubuntu3.1_all.deb Size/MD5: 40194 08c8015241168c9fec32ec46239557db amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 298136 fb5abad09abcc593744754079b14121d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 3029478 68dd8f4ae60b3b4eea78e213938e638d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 44050 fb7af09d494a0cc5a9c7f261b9f9fd89 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 2360482 a9b1699dcc18f5fb2d365606c92535f2 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 63488 8540a5888532db21c323ffb1da0197e5 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 1514284 792330b42bb37a7437602bbc77b8a21d http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_amd64.deb Size/MD5: 52252 7b277738898bcd2bd40d2f44b169e666 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 298150 972096a11bcd4d2e4cb3c3b42dca97ae http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 3152580 73fcf7ca9f7e9e33fe1fee1f12ff69cb http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 43746 d05ffa7e690edcaf0b420335fbbf4f0b http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 2473672 eb93260e20582c906a9eb6e160c4d314 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 64758 9bf75b87685522d576c5f3d044f12694 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 1571704 2b35810bd99b9b94c2c4c132e2f72d64 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_i386.deb Size/MD5: 52164 4a0304e4b51b4b7dbb7ebd374939db95 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 298132 cb62b3c1089933a5a5dae8486e034351 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 3090286 a5a28d21478b714c8a4f894014deb7e1 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 46230 d239dcb2866e7a8e7afff9560708593f http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 2569192 2e09ee9de137d21d02bdfec9262f86da http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 66296 6b94869dbbee03381677ed6a99e52435 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 1526458 b012304ddcec0cc7826b857777cdbfb8 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_powerpc.deb Size/MD5: 57316 39f635ce70bc2a05754b8f74688f7022 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 298136 b643d9a7330bfae7a7f4e5a6447af199 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 2801530 0d36866dfedad41744bf7b39b5c2cb30 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-kde_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 43772 bee313cddae10e44c9f1b11f546bf229 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 2339948 2a5834f91e5ff089b31503d64d8fa56f http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 60004 272ae4956a69e49bf8d4cc42a20fd236 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 1560720 4c8dc63d4a7612f1a02b5ab15dac6864 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.4-2ubuntu3.1_sparc.deb Size/MD5: 52084 e4d5b0924a01bed2b4abbfda2d1cacf4 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.7-1ubuntu1.3.diff.gz Size/MD5: 27784 435a101ffb894716eecd071f5939dbaf http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.7-1ubuntu1.3.dsc Size/MD5: 1607 06af830d473dd8e4b04e6b9ee784b9e6 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.7.orig.tar.gz Size/MD5: 8868650 a613a3adf44b5098e04842250dbd2251 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.7-1ubuntu1.3_all.deb Size/MD5: 320886 d114061f1b5d852c0cc87544777688be http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-doc_1.1.7-1ubuntu1.3_all.deb Size/MD5: 125992 8c5035155b647ce7e670c10d9e6f90e3 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.7-1ubuntu1.3_all.deb Size/MD5: 44762 67724629576a3e71c06b4c70abdc4905 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_amd64.deb Size/MD5: 3139966 bf87a04d32dbe428beab47af85bd7380 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_amd64.deb Size/MD5: 2382002 86b07e8bf31ec1cafe9c40e27e993084 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_amd64.deb Size/MD5: 78426 1fd31997b0a930bf18cd98084b3bafce http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_amd64.deb Size/MD5: 445200 7cce13fee53be6dcb3e20a7b8d144cb6 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_amd64.deb Size/MD5: 59296 7cb8fe644e5919dd8a1e567d95429237 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_i386.deb Size/MD5: 3269686 7dfe3085034a5df0b84d39d527066257 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_i386.deb Size/MD5: 2490502 a02077abd97985a4a1ec76f4f1cb7232 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_i386.deb Size/MD5: 79342 12cb1b67ff7f707bea1f221d78be2fb4 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_i386.deb Size/MD5: 446502 26856c3a255125cba5eb850dcbe6b70d http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_i386.deb Size/MD5: 58806 41b73db30c0497f4b524116b03c137e6 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_lpia.deb Size/MD5: 3049478 4e5bfc35c67103a98132643fdcb53bca http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_lpia.deb Size/MD5: 2363212 c99a12f536abdb2e735205b7435619b6 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_lpia.deb Size/MD5: 78420 42bb7f916d7cb1ea6e4dad65aecd79a1 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_lpia.deb Size/MD5: 444696 4ecb5410df0c524dd288f60ae3478985 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_lpia.deb Size/MD5: 58674 c06871fcadba77a3bececcddc57e178b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_powerpc.deb Size/MD5: 3186752 f87ab41b6445057e4a6ee7c562c23a7a http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_powerpc.deb Size/MD5: 2583712 ca3ce19217abfbf521d706b6b7970155 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_powerpc.deb Size/MD5: 83148 1c9bd779b40a88b2746379fa087b0142 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_powerpc.deb Size/MD5: 477848 2d6e95998d82fa719a378784e5eac821 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_powerpc.deb Size/MD5: 65296 4fbf4cfa6bb9ad2821ca05e66f94cd30 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.3_sparc.deb Size/MD5: 2858646 a9b393ba169ca85c2ab788dcee36909d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.3_sparc.deb Size/MD5: 2351408 f3db946bc67f6847746ba50a96da39ce http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.3_sparc.deb Size/MD5: 74320 748da95afa87e6f9d74a2efdf6fde9a3 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.3_sparc.deb Size/MD5: 453450 0f56c6e1658b0042f0c27da93d21a583 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.3_sparc.deb Size/MD5: 58868 18c9981211d5660402bcfef86d949b7c Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.11.1-1ubuntu3.1.diff.gz Size/MD5: 48299 9fcc3809569e6ba09101a9f5a936c5f0 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.11.1-1ubuntu3.1.dsc Size/MD5: 1867 9e2d7ecfa9581208ca352a7ccc6ddd68 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.11.1.orig.tar.gz Size/MD5: 9056527 08f6d8ed03d98ec43a5ee1386ce83a00 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-doc_1.1.11.1-1ubuntu3.1_all.deb Size/MD5: 141726 cdf14069c770dbc97103107d85662d4c http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-all-plugins_1.1.11.1-1ubuntu3.1_all.deb Size/MD5: 51972 8a3744a44be18a577345bebf730dd41b http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.11.1-1ubuntu3.1_all.deb Size/MD5: 51958 6bd4bbf922cb1908fc42b22ea0b1a45c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 326908 74a4c0652f892a10f0a84b973054c9e0 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 1219992 7b51803254bf6fa801c5dfce9853b34e http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 58114 d54407fbcd75fb060d0ca9f2a6df8a4d http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 3957520 bbca1c33b0a2bdeb2ac2813c0b937f46 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 939452 bbaf9959c4c451df8863e4e02a695fa2 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 207578 dac6c3b616fd949a49872811d999c2cb http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 1310 a6d72287e1c41f41cb00117d1fce97df http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 394852 80734e87080e7e1745de43ca9f5a3972 http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_amd64.deb Size/MD5: 15336 ce53f8d14a50f855a355ce8c0cf5e8e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 326892 54ec711c7595194026b08ab33d055c56 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 1327966 25e01a3662b5b450fb2aa93f92ff83d2 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 58108 97be8610709156d1999cc6138b666507 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 4049554 1741c377edf8eee68db15e30cf658fa4 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 927236 7c99672689c0695b0f12141a7e9dd065 http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 203452 f8fae04ac5a8b6f1b6d5cf5ee14fe57f http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 1316 7561523b41ce407c7d33cfe5f5c3264d http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 397678 4850f098a825220d592f49624cfcbaba http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_i386.deb Size/MD5: 14710 42f2ac1949591762d9abf6a938934638 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 326900 0c3aac26a82156c26ed7056012dd53f8 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 1214152 399d31857cc4b03ef4eb62cbd6d75389 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 58348 4395271b7fc56bd7e197cc5d650ad133 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 3792624 fd75eb026979e8410c55fdc9741be0cd http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 927018 e5ed0c69767e7ef6f111648ef2f9f6f2 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 203668 b3c3c6ede672556d1f7507c26b71cbff http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 1314 d8cb2c5cd9a584aa54970c4cbd754a0b http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 397504 169f96ace2ff50ea986921a38f4a3cc5 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_lpia.deb Size/MD5: 14768 acbef6a6ef708a3367ec744e40885b44 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 326916 ac1f51d2b3536729e270172e112f99b9 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 1226998 185654bca917da89a4fdd5b661b093b1 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 61302 068beafd328edab526eb3b66586b00c8 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 3985756 292cfac6f79d64b84f064c96f90126c9 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 1124358 e18a293fab38001767571b0d1627a9dd http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 218352 8cda68f380fe22d9ded44a7a0c4b78fa http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 1316 733af800ad9b472ca573fa66574342c2 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 426932 05c4a7157c7c1fb9e9c79f098f9b0ece http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_powerpc.deb Size/MD5: 21516 c1590ca1aae92c52ecdbe845fb74dedf sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 326924 9c4036e955602e29a7b92ab8838f3d09 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 1210868 eda98d2aa5c57a467648dec0f8e44ebe http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 48608 6f98c13c2456fe85b6847fdc5af7c5ee http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 3595714 233f25bc320a3fd636144cacdbdab984 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 943186 61d8ea0aa8ced899fbfef8664f9283cb http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 176208 a4f8907556c48180ed3ef33dd26ef031 http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 1312 3c61a2d623df5fc0aab974bf68310f30 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 403464 f598723e1a1f9cd5389cf315c5d5ae18 http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.1_sparc.deb Size/MD5: 14594 d39a7503b13ccd49dd0829de0752c0a1
–
漏洞信息 (F65079)
Debian Linux Security Advisory 1536-1 (PacketStormID:F65079) |
2008-04-02 00:00:00 |
Debian debian.org |
advisory,denial of service,arbitrary,local,vulnerability,code execution |
linux,debian |
CVE-2007-1246,CVE-2007-1387,CVE-2008-0073,CVE-2008-0486,CVE-2008-1161 |
[点击下载] |
Debian Security Advisory 1536-1 – Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1536-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 31, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : xine-lib Vulnerability : several Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161 Debian Bug : 464696 Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1246 / CVE-2007-1387 The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only). CVE-2008-0073 Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only). CVE-2008-1161 Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes. For the stable distribution (etch), these problems have been fixed in version 1.1.2+dfsg-6. For the old stable distribution (sarge), these problems have been fixed in version 1.0.1-1sarge7. For the unstable distribution (sid), these problems have been fixed in version 1.1.11-1. We recommend that you upgrade your xine-lib package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.diff.gz Size/MD5 checksum: 7327 f025acfa0e41de184799393ea9a54e0a http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz Size/MD5 checksum: 7774954 9be804b337c6c3a2e202c5a7237cb0f8 http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.dsc Size/MD5 checksum: 1400 e3390f1650e0a1744f1cf81ce2ac30b9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_alpha.deb Size/MD5 checksum: 109754 7b340023aa1b1c5bfe45b4b526a4fa6c http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_alpha.deb Size/MD5 checksum: 4848602 31bb864f2c3dd19f0f7784ec0e2ff06d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_amd64.deb Size/MD5 checksum: 108232 b63b13967d16548548b69363a3a49f51 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_amd64.deb Size/MD5 checksum: 3934420 08f952ab238388604ca889207f15cacf arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_arm.deb Size/MD5 checksum: 3909916 82a6de1aa1262bcd80fb73438442b5e6 http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_arm.deb Size/MD5 checksum: 109454 937b3a480028d81fd21717bd330c48a4 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_hppa.deb Size/MD5 checksum: 3617652 0ab0c31bceb15b693eeab8a1be842d81 http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_hppa.deb Size/MD5 checksum: 109682 140b39b4f188c7b5d5762482a1487e91 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_i386.deb Size/MD5 checksum: 107842 36c35bdbcdafb36c96052c67915d3e83 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_i386.deb Size/MD5 checksum: 4206034 2f670ca7711c7621e92ce6ff47f89128 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_ia64.deb Size/MD5 checksum: 108224 f5894b6e2a742713e305f0ae448f46b8 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_ia64.deb Size/MD5 checksum: 5622238 e956948854e8333957a45679e3f1ca75 m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_m68k.deb Size/MD5 checksum: 108336 60e727a36d3f5bb0c961240ebfc7504e http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_m68k.deb Size/MD5 checksum: 3176142 feccde602d192b462c146f5731a13a0f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mips.deb Size/MD5 checksum: 4091032 9f999ef7a57a9b0a860e06b146c5bf1a http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mips.deb Size/MD5 checksum: 110384 3fc17b89430ed3c84a3f144ed22b9fb0 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mipsel.deb Size/MD5 checksum: 4126650 bbeecc6ce5709f5e7d21ee198cae076e http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mipsel.deb Size/MD5 checksum: 108234 cddeda4e920f778b2549de5fdaf40c07 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_powerpc.deb Size/MD5 checksum: 108250 3370e7a1e7efc80ef348cc265c5c35f3 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_powerpc.deb Size/MD5 checksum: 4306536 f62ca73d63fccd4b49d3ac2fb23345ca s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_s390.deb Size/MD5 checksum: 3881906 6fed320fac7a9d73ca2a6b8191967ec9 http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_s390.deb Size/MD5 checksum: 108210 eb7f718923695c69594fa768af371815 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_sparc.deb Size/MD5 checksum: 108244 5f8edb59c5625822e314a65e1f606b34 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_sparc.deb Size/MD5 checksum: 4361586 7e4fe726b38796ac92e72dccf3de263c Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.dsc Size/MD5 checksum: 1877 318b9a5c7e265ceecd379c1bf78cc59d http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz Size/MD5 checksum: 6716994 ae6525a76280a6e1979c3f4f89fd00f3 http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.diff.gz Size/MD5 checksum: 23720 41569cc160815132939b2700db086b97 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_alpha.deb Size/MD5 checksum: 3671136 121d4c4f366ead1efe2e51f442a01925 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_alpha.deb Size/MD5 checksum: 3415068 c4c828f603c98ae9c196d62ae55fc067 http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_alpha.deb Size/MD5 checksum: 118364 fd21e7568f52042d7b5fa90bedb86175 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_amd64.deb Size/MD5 checksum: 117242 ba9ab3b1f580ee330b4648a6e19189bc http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_amd64.deb Size/MD5 checksum: 3659052 c4d7e60c377627b0ab13e9d6a3a104c7 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_amd64.deb Size/MD5 checksum: 3048320 7f2b4fc1c76ff16a0b2ec9c568c56dd0 arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_arm.deb Size/MD5 checksum: 2668018 7cf2fd0b431bdf32d3daed3b02144cdf http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_arm.deb Size/MD5 checksum: 118582 87e83a8ed3872efca0f6c3c95ba0050b http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_arm.deb Size/MD5 checksum: 2958562 b16adcf345bd2dbc0f8c3ac21b7d6e3b hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_hppa.deb Size/MD5 checksum: 2693766 0cfdb3fa5d216045eedde26f1412b3a6 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_hppa.deb Size/MD5 checksum: 3219780 d38636b531e0e0396452f45a14e554c2 http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_hppa.deb Size/MD5 checksum: 119608 2b8a9ebea2a5037a666f8f2e086dbf17 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_i386.deb Size/MD5 checksum: 3966468 68d095257a9674e8a27fc6a148cc6d5d http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_i386.deb Size/MD5 checksum: 3349368 2381a282eb893d3e76eef69cc84479eb http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_i386.deb Size/MD5 checksum: 117232 66690a0765f0093dff0526b85faf0322 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_ia64.deb Size/MD5 checksum: 3764630 d132f9ef4697f2c1a79054ced0309a7f http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_ia64.deb Size/MD5 checksum: 117166 852e09242638daad38bbbc3ae239c9a8 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_ia64.deb Size/MD5 checksum: 2684364 35d53a480f2d70eb171009873fbc490e mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mips.deb Size/MD5 checksum: 119198 54129191862d2b613901399fedad7ade http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mips.deb Size/MD5 checksum: 3035424 2c7d9278440527980b2c8b4e07b4c961 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mips.deb Size/MD5 checksum: 2844004 430a6d794aee0cce2f807329166f8a9a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mipsel.deb Size/MD5 checksum: 117194 af4c9978178f97bafd92b66d48ab4427 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mipsel.deb Size/MD5 checksum: 3016652 5c2d3287ca0b782d5f14fa38fe9fea6f http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mipsel.deb Size/MD5 checksum: 2788460 032171f0e18822b961d4f8b8350c82f9 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_powerpc.deb Size/MD5 checksum: 3209288 c144f257184eab9fb24326bd2216a87e http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_powerpc.deb Size/MD5 checksum: 117204 0f6c2509636f5b94f9e0859a9d588dc2 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_powerpc.deb Size/MD5 checksum: 3719086 4cec9416f1f449abfdf874bcc9e9ef57 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_s390.deb Size/MD5 checksum: 2718672 dcfb54adcaf89425c83c3a32799d06dd http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_s390.deb Size/MD5 checksum: 117170 405f873efab3ae50acd27eb3802c6fa8 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_s390.deb Size/MD5 checksum: 3171836 486dfcf6a50e8562cc36163ae9a6ae7d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_sparc.deb Size/MD5 checksum: 3368898 e7a09bb2b060da52f9d5a51479186748 http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_sparc.deb Size/MD5 checksum: 3024748 be3f7a4b8fa8da203c4b72bfb0830e22 http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_sparc.deb Size/MD5 checksum: 117202 fb2c1a027f3cb3eeaf76cd0a6cfb74e6 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [email protected] Package info: `apt-cache show' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR/FOPGz0hbPcukPfAQK/lgf+JxF7qakE5AyWuqYnuZPFh20jS9Gy6GHf x3KOpQOU/be86fkfaPqD7qvc4MFg7X4kHu3WzADW82Vc2etJZHCdva+NJbKWMr13 6kW40+Zqe16JAdXdJAqnkuWD6zWbC/8L2iBXtl6ERfMLH9B/tesD8wmuJ/L5HwZo vqb4LmMGZxDIuzsx70pgRFjlPhsGrISkF8xNeLmXGFXVjMu53cKWoG/44cf5gI8F wCHXLDOa418hNww7oLrzKcmGFh7iIbj9uAWs4t94kEcCZ+003QfziwSxfd1sqRwk SNQ9iTkNW8z94406CycLStNzRzb2pOZQoARa3yqz174ym9nn+iBeCw== =u9pL -----END PGP SIGNATURE-----
–
漏洞信息
43119 |
|
xine-lib Matroska Demuxer demuxers/demux_matroska.c Frame Size Handling Remote Overflow | |
Remote / Network Access |
Input Manipulation |
Loss of Integrity | |
Vendor Verified |
–
漏洞描述
–
时间线
2008-02-04 |
Unknow |
Unknow | Unknow |