Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xine-lib vulnerabilities (USN-635-1)

Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)

Luigi Auriemma discovered that xine-lib did not properly check buffer
sizes in the RTSP header-handling code. If xine-lib opened an RTSP
stream with crafted SDP attributes, a remote attacker may be able to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-0225, CVE-2008-0238)

Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked into opening a crafted FLAC file, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0486)

It was discovered that the ASF demuxer in xine-lib did not properly
check the length of the ASF header. If a user or automated system were
tricked into opening a crafted ASF file, a remote attacker could cause
a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2008-1110)

It was discovered that the Matroska demuxer in xine-lib did not
properly verify frame sizes. If xine-lib opened a crafted ASF file, a
remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-1161)

Luigi Auriemma discovered multiple integer overflows in xine-lib. If a
user or automated system were tricked into opening a crafted FLV, MOV,
RM, MVE, MKV or CAK file, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-1482)

It was discovered that xine-lib did not properly validate its input
when processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service or possibly execute arbitrary code as the
user invoking the program. (CVE-2008-1686)

Guido Landi discovered a stack-based buffer overflow in xine-lib when
processing NSF files. If xine-lib opened a specially crafted NSF file
with a long NSF title, an attacker could create a denial of service or
possibly execute arbitrary code as the user invoking the program.
(CVE-2008-1878)

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 33940

Bugtraq ID:

CVE ID: CVE-2008-0073
CVE-2008-0225
CVE-2008-0238
CVE-2008-0486
CVE-2008-1110
CVE-2008-1161
CVE-2008-1482
CVE-2008-1686
CVE-2008-1878