Solution
Please install the updated packages.
Insight
A vulnerability was found in the Speex library: it did not properly validate input values read from Speex file headers.
An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
Xine-lib is similarly affected by this issue.
In addition, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing Matroska files, and a regression was introduced that prevented Amarok from playing m4a files.
The updated packages have been patched to correct these issues.
Affected
xine-lib on Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64,
Mandriva Linux 2008.1,
Mandriva Linux 2008.1/X86_64
Severity
Classification
CVE: CVE-2008-1686
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C