Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:124)
High Nessus Plugin ID 37421
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
Xine-lib is similarly affected by this issue.
As well, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing matroska files, and a regression was introduced that prevented Amarok from playing m4a files.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.