Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2008-089-03
HistoryMar 30, 2008 - 12:05 a.m.

[slackware-security] xine-lib

2008-03-3000:05:12
Slackware Linux Project
www.slackware.com
21

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,
and -current to fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

https://vulners.com/cve/CVE-2008-0073

Here are the details from the Slackware 12.0 ChangeLog:

patches/packages/xine-lib-1.1.11-i686-1_slack12.0.tgz:
Earlier versions of xine-lib suffer from an array index bug that
may have security implications if a malicious RTSP stream is
played. Playback of other media formats is not affected.
If you use RTSP, you should probably upgrade xine-lib.
For more information on the security issue, please see:
https://vulners.com/cve/CVE-2008-0073
(* Security fix *)

Where to find the new packages:

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.1.11-i686-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.1.11-i686-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.11-i686-1_slack10.2.tgz

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xine-lib-1.1.11-i686-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xine-lib-1.1.11-i686-1_slack12.0.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.1.11-i686-1.tgz

MD5 signatures:

Slackware 10.0 package:
6b92de022505be8325e7e4abcc0f01de xine-lib-1.1.11-i686-1_slack10.0.tgz

Slackware 10.1 package:
df802bf3a66c1212953600a24f1dba49 xine-lib-1.1.11-i686-1_slack10.1.tgz

Slackware 10.2 package:
6e4306bbc8ed6280f33883097296fb76 xine-lib-1.1.11-i686-1_slack10.2.tgz

Slackware 11.0 package:
012c8ad12a1456e31f9bf299b878b19b xine-lib-1.1.11-i686-1_slack11.0.tgz

Slackware 12.0 package:
04dfd67cfc12258f05b2e01612494572 xine-lib-1.1.11-i686-1_slack12.0.tgz

Slackware -current package:
db569bcc52fffaa132b16d967ddfe495 xine-lib-1.1.11-i686-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg xine-lib-1.1.11-i686-1_slack12.0.tgz

Related

nessus 14
exploitpack 1
debiancve 1
cve 1
packetstorm 1
openvas 22
fedora 3
ubuntucve 1
prion 1
redhatcve 1
securityvulns 2
cvelist 1
seebug 2
nvd 1
exploitdb 1
gentoo 2
osv 2
debian 2
ubuntu 1
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : xine-lib (SSA:2008-089-03)
2008-03-31 00:00:00
SuSE 10 Security Update : xine (ZYPP Patch Number 5116)
2008-04-01 00:00:00
openSUSE 10 Security Update : xine-devel (xine-devel-5113)
2008-03-31 00:00:00
exploitpack
exploitpack
MPlayer 1.0 rc2 - sdpplin_parse() Array Indexing Buffer Overflow (PoC)
2008-03-25 00:00:00
debiancve
debiancve
CVE-2008-0073
2008-03-24 22:44:00
cve
cve
CVE-2008-0073
2008-03-24 22:44:00
packetstorm
packetstorm
mplayer-overflowpoc.txt
2008-03-26 00:00:00
openvas
openvas
Fedora Update for xine-lib FEDORA-2008-2569
2009-02-16 00:00:00
Fedora Update for xine-lib FEDORA-2008-2569
2009-02-16 00:00:00
Slackware Advisory SSA:2008-089-03 xine-lib
2012-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: xine-lib-1.1.11-1.fc8
2008-03-21 22:06:16
[SECURITY] Fedora 7 Update: xine-lib-1.1.11.1-1.fc7
2008-04-09 05:18:08
[SECURITY] Fedora 8 Update: xine-lib-1.1.15-1.fc8
2008-09-10 06:45:50
ubuntucve
ubuntucve
CVE-2008-0073
2008-03-24 00:00:00
prion
prion
Design/Logic Flaw
2008-03-24 22:44:00
redhatcve
redhatcve
CVE-2008-0073
2019-10-04 21:36:03
securityvulns
securityvulns
[Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability
2008-03-25 00:00:00
Xine / MPlayer / VLC buffer overflow
2008-03-25 00:00:00
cvelist
cvelist
CVE-2008-0073
2008-03-24 22:00:00
seebug
seebug
xine-lib sdpplin_parse()ε‡½ζ•°θΏœη¨‹ζΊ’ε‡ΊζΌζ΄ž
2008-03-21 00:00:00
MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC
2008-03-26 00:00:00
nvd
nvd
CVE-2008-0073
2008-03-24 22:44:00
exploitdb
exploitdb
MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)
2008-03-25 00:00:00
gentoo
gentoo
xine-lib: User-assisted execution of arbitrary code
2008-08-06 00:00:00
VLC: User-assisted execution of arbitrary code
2008-04-23 00:00:00
osv
osv
xine-lib - several vulnerabilities
2008-03-31 00:00:00
vlc - several vulnerabilities
2008-04-09 00:00:00
debian
debian
[SECURITY] [DSA 1536-1] New libxine packages fix several vulnerabilities
2008-03-31 20:51:58
[SECURITY] [DSA 1543-1] New vlc packages fix several vulnerabilities
2008-04-09 19:26:06
ubuntu
ubuntu
xine-lib vulnerabilities
2008-08-06 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON
Related for SSA-2008-089-03
nessus14exploitpack1debiancve1cve1packetstorm1openvas22fedora3ubuntucve1prion1redhatcve1securityvulns2cvelist1seebug2nvd1exploitdb1gentoo2osv2debian2ubuntu1