The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.

This update of xine fixes multiple buffer overflows while parsing files :

  - CVE-2008-3231

  - CVE-2008-5233

  - CVE-2008-5234

  - CVE-2008-5235

  - CVE-2008-5236

  - CVE-2008-5237

  - CVE-2008-5238

  - CVE-2008-5239

  - CVE-2008-5240

  - CVE-2008-5241

  - CVE-2008-5242

  - CVE-2008-5243

  - CVE-2008-5244

  - CVE-2008-5245

  - CVE-2008-5246

  - CVE-2008-5247

  - These bugs can lead to remote code execution.
    (CVE-2008-5248)

The remote host is affected by the vulnerability described in GLSA-201006-04 (xine-lib: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been reported in xine-lib. Please review     the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to play a specially crafted video     file or stream with a player using xine-lib, potentially resulting in     the execution of arbitrary code with the privileges of the user running     the application.
  Workaround :

    There is no known workaround at this time.

This update of xine fixes multiple buffer overflows while parsing files :

  - CVE-2008-3231

  - CVE-2008-5233

  - CVE-2008-5234

  - CVE-2008-5235

  - CVE-2008-5236

  - CVE-2008-5237

  - CVE-2008-5238

  - CVE-2008-5239

  - CVE-2008-5240

  - CVE-2008-5241

  - CVE-2008-5242

  - CVE-2008-5243

  - CVE-2008-5244

  - CVE-2008-5245

  - CVE-2008-5246

  - CVE-2008-5247

  - CVE-2008-5248 These bugs can lead to remote code     execution.

This release fixes multiple bugs and security issues: - DoS via corrupted Ogg files (CVE-2008-3231) - multiple possible buffer overflows detailed in oCERT-2008-008 For more details, see:
http://sourceforge.net/project/shownotes.php?release_id=619869&group_i d=9655 http://www.ocert.org/advisories/ocert-2008-008.html NOTE: A coordinated release with 3rd-party repos was not possible, so this update may result in dependency issues with currently-installed xine-lib-extras-* rpms. This temporary problem will be rectified asap.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
51768	SuSE 10 Security Update : xine (ZYPP Patch Number 5965)	Nessus	SuSE Local Security Checks	critical
46771	GLSA-201006-04 : xine-lib: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
40156	openSUSE Security Update : xine-devel (xine-devel-483)	Nessus	SuSE Local Security Checks	critical
35599	openSUSE 10 Security Update : xine-devel (xine-devel-5966)	Nessus	SuSE Local Security Checks	critical
34136	Fedora 8 : xine-lib-1.1.15-1.fc8 (2008-7572)	Nessus	Fedora Local Security Checks	critical
34133	Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)	Nessus	Fedora Local Security Checks	critical

Detections

Analytics

CVE-2008-5247

high

Tenable Plugins

critical

critical

critical

critical

critical

critical