Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:011 (xine-lib)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50928

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:011 (xine-lib)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to xine-lib
announced via advisory MDKSA-2005:011.

iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()
does not check if the input size is larger than the buffer size
(CVE-2004-1187). As well, they discovered that in this same function,
a negative value could be given to an unsigned variable that specifies
the read length of input data (CVE-2004-1188).

Ariel Berkman discovered that xine-lib reads specific input data into
an array without checking the input size making it vulnerable to a
buffer overflow problem (CVE-2004-1300).

The updated packages have been patched to prevent these problems.

Affected versions: 10.0, 10.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1300
http://xinehq.de/index.php/security/XSA-2004-6
http://xinehq.de/index.php/security/XSA-2004-7

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1187
http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
XForce ISS Database: xine-pnatag-bo(18640)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18640
Common Vulnerability Exposure (CVE) ID: CVE-2004-1188
http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
XForce ISS Database: xine-pnmgetchunk-bo(18638)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18638
Common Vulnerability Exposure (CVE) ID: CVE-2004-1300
http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt
XForce ISS Database: xine-openaifffile-bo(18611)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18611

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50928
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:011 (xine-lib)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xine-lib announced via advisory MDKSA-2005:011. iDefense discovered that the PNA_TAG handling code in pnm_get_chunk() does not check if the input size is larger than the buffer size (CVE-2004-1187). As well, they discovered that in this same function, a negative value could be given to an unsigned variable that specifies the read length of input data (CVE-2004-1188). Ariel Berkman discovered that xine-lib reads specific input data into an array without checking the input size making it vulnerable to a buffer overflow problem (CVE-2004-1300). The updated packages have been patched to prevent these problems. Affected versions: 10.0, 10.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:011 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1300 http://xinehq.de/index.php/security/XSA-2004-6 http://xinehq.de/index.php/security/XSA-2004-7 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1187 http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 XForce ISS Database: xine-pnatag-bo(18640) https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 Common Vulnerability Exposure (CVE) ID: CVE-2004-1188 http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities XForce ISS Database: xine-pnmgetchunk-bo(18638) https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 Common Vulnerability Exposure (CVE) ID: CVE-2004-1300 http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt XForce ISS Database: xine-openaifffile-bo(18611) https://exchange.xforce.ibmcloud.com/vulnerabilities/18611
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com