Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:124)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

A vulnerability in the Speex library was found where it did not
properly validate input values read from the Speex files headers. An
attacker could create a malicious Speex file that would crash an
application or potentially allow the execution of arbitrary code with
the privileges of the application calling the Speex library

Xine-lib is similarly affected by this issue.

As well, the previous version of xine as provided in Mandriva Linux
2008.1 would crash when playing matroska files, and a regression was
introduced that prevented Amarok from playing m4a files.

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37421 (mandriva_MDVSA-2008-124.nasl)

Bugtraq ID: 28665

CVE ID: CVE-2008-1686

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now