Debian Security Advisory DSA 1472-1 (xine-lib) Network Vulnerability

Summary

The remote host is missing an update to xine-lib announced via advisory DSA 1472-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201472-1

Insight

Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code. For the unstable distribution (sid), this problem will be fixed soon. For the testing distribution (lenny), this problem has been fixed in version 1.1.8-3+lenny1. For the stable distribution (etch), this problem has been fixed in version 1.1.2+dfsg-5. For the old stable distribution (sarge), this problem has been fixed in version 1.0.1-1sarge6. We recommend that you upgrade your xine-lib packages.

Severity

Classification

CVE CVE-2008-0225
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1093-1 (xine-ui)
Debian Security Advisory DSA 1119-1 (hiki)
Debian Security Advisory DSA 1064-1 (cscope)
Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 093-1 (postfix)

Take action and discover your vulnerabilities