漏洞信息详情
xine-lib MP3 Processing 远程拒绝服务漏洞
漏洞简介
xine是一款免费的媒体播放器,支持多种格式。
xine-lib 1.1.15之前的版本存在拒绝服务漏洞。远程攻击者可以借助 \"具有由分离器所组成的元数据地MP3文件\",引起拒绝服务 (崩溃)。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu libxine-dev_1.1.7-1ubuntu1.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine-dev_1.1.7-1ubuntu1.4_all.deb
Ubuntu libxine1-console_1.1.7-1ubuntu1.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-console_1.1.7-1ubuntu1.4_powerpc.deb
Ubuntu libxine1-dbg_1.1.7-1ubuntu1.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-dbg_1.1.7-1ubuntu1.4_powerpc.deb
Ubuntu libxine1-doc_1.1.7-1ubuntu1.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-doc_1.1.7-1ubuntu1.4_all.deb
Ubuntu libxine1-ffmpeg_1.1.7-1ubuntu1.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.7-1ubuntu1.4_powerpc.deb
Ubuntu libxine1-gnome_1.1.7-1ubuntu1.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-gnome_1.1.7-1ubuntu1.4_powerpc.deb
Ubuntu libxine1-plugins_1.1.7-1ubuntu1.4_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.7-1ubuntu1.4_all.deb
Ubuntu libxine1_1.1.7-1ubuntu1.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1_1.1.7-1ubuntu1.4_powerpc.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu libxine-dev_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-all-plugins_1.1.11.1-1ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-all-plugins_1.1.11.1-1ubuntu3.2_all.deb
Ubuntu libxine1-bin_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-console_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-dbg_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-doc_1.1.11.1-1ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/libxine1-doc_1.1.11.1-1ubuntu3.2_all.deb
Ubuntu libxine1-ffmpeg_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-ffmpeg_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-gnome_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/universe/x/xine-lib/libxine1-gnome_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-misc-plugins_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-misc-plugins_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1-plugins_1.1.11.1-1ubuntu3.2_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-plugins_1.1.11.1-1ubuntu3.2_all.deb
Ubuntu libxine1-x_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-x_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu libxine1_1.1.11.1-1ubuntu3.2_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1_1.1.11.1-1ubuntu3.2_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu libxine-dev_1.1.15-0ubuntu3.1_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine-dev_1.1.15-0ubuntu3.1_powerpc.deb
Ubuntu libxine1-all-plugins_1.1.15-0ubuntu3.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/x/xine-lib/libxine1-all-plugins_1.1.15-0ubuntu3.1_all.deb
Ubuntu libxine1-bin_1.1.15-0ubuntu3.1_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-bin_1.1.15-0ubuntu3.1_powerpc.deb
Ubuntu libxine1-console_1.1.15-0ubuntu3.1_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-console_1.1.15-0ubuntu3.1_powerpc.deb
Ubuntu libxine1-dbg_1.1.15-0ubuntu3.1_powerpc.deb
http://ports.ubuntu.com/pool/main/x/xine-lib/libxine1-dbg_1.1.15-0ubuntu3.1_powerpc.deb
参考网址
来源: BID
名称: 32505
链接:http://www.securityfocus.com/bid/32505
来源: MANDRIVA
名称: MDVSA-2009:298
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:298
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=619869
来源: SUSE
名称: SUSE-SR:2009:004
链接:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
受影响实体
- Xine Xine-Lib:1.1.13<!--2000-1-1-->
- Xine Xine-Lib:1.1.12<!--2000-1-1-->
- Xine Xine-Lib:1.1.11.1<!--2000-1-1-->
- Xine Xine-Lib:1.1.11<!--2000-1-1-->
- Xine Xine-Lib:1.1.10.1<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...