drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in xine-lib
Name: |
Mehrere Probleme in xine-lib |
|
ID: |
201006-04 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 1. Juni 2010, 19:42 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1274 |
|
Applikationen: |
Xine |
|
Originalnachricht |
--Sig_/XsWYypEipUhv74BhsaF_6OR Content-Type: text/plain; charset=US-ASCI Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201006-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: xine-lib: User-assisted execution of arbitrary code Date: June 01, 2010 Bugs: #234777, #249041, #260069, #265250 ID: 201006-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities in xine-lib might result in the remote execution of arbitrary code.
Background ==========
xine-lib is the core library package for the xine media player, and other players such as Amarok, Codeine/Dragon Player and Kaffeine.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/xine-lib < 1.1.16.3 >= 1.1.16.3
Description ===========
Multiple vulnerabilites have been reported in xine-lib. Please review the CVE identifiers referenced below for details.
Impact ======
A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All xine-lib users should upgrade to an unaffected version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.16.3"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 10, 2009. It is likely that your system is already no longer affected by this issue.
References ==========
[ 1 ] CVE-2008-3231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3231 [ 2 ] CVE-2008-5233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5233 [ 3 ] CVE-2008-5234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5234 [ 4 ] CVE-2008-5235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5235 [ 5 ] CVE-2008-5236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5236 [ 6 ] CVE-2008-5237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5237 [ 7 ] CVE-2008-5238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5238 [ 8 ] CVE-2008-5239 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5239 [ 9 ] CVE-2008-5240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5240 [ 10 ] CVE-2008-5241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5241 [ 11 ] CVE-2008-5242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5242 [ 12 ] CVE-2008-5243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5243 [ 13 ] CVE-2008-5244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244 [ 14 ] CVE-2008-5245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5245 [ 15 ] CVE-2008-5246 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246 [ 16 ] CVE-2008-5247 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5247 [ 17 ] CVE-2008-5248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5248 [ 18 ] CVE-2009-0698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0698 [ 19 ] CVE-2009-1274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1274
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201006-04.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--Sig_/XsWYypEipUhv74BhsaF_6OR Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux)
iEYEARECAAYFAkwFKboACgkQk+oqhfPAZGmoIQCghJMoKVs7hnXxT7O4WUT3eK+o RmYAnjRrikn/lunlqMjj4gqrvZRHeRPn =ZNAm -----END PGP SIGNATURE-----
--Sig_/XsWYypEipUhv74BhsaF_6OR--
|
|
|
|