Search...

Debian Security Advisory DSA 1093-1 (xine-ui)

2008-01-17T00:00:00

ID OPENVAS:56922
Type openvas
Reporter Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing an update to xine-ui announced via advisory DSA 1093-1.

Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.

The old stable distribution (woody) is not affected by these problems.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_1093_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1093-1
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_solution = "For the stable distribution (sarge) these problems have been fixed in
version 0.99.3-1sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your xine-ui package.

 https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201093-1";
tag_summary = "The remote host is missing an update to xine-ui
announced via advisory DSA 1093-1.

Several format string vulnerabilities have been discovered in xine-ui,
the user interface of the xine video player, which may cause a denial
of service.

The old stable distribution (woody) is not affected by these problems.";


if(description)
{
 script_id(56922);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)");
 script_cve_id("CVE-2006-2230");
 script_tag(name:"cvss_base", value:"5.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_name("Debian Security Advisory DSA 1093-1 (xine-ui)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"xine-ui", ver:"0.99.3-1sarge1", rls:"DEB3.1")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 1, "naslFamily": "Debian Local Security Checks", "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to xine-ui\nannounced via advisory DSA 1093-1.\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "ed107e5672747aaa6b50db0d429245a0"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "c826cf69e817d23d222d040a6e9d0b0e"}, {"key": "href", "hash": "a23a894eb14d1454cd7683993bb06220"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "d9687be677a820405d77009772535d9d"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9ede898fe6a9cc1e1facbdf53679b23d"}, {"key": "sourceData", "hash": "7570f261440833841baab3ad288befd1"}, {"key": "title", "hash": "3f8bfde188caeb561dcdd0b0db4ffbb8"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=56922", "modified": "2017-07-07T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2017-07-24T12:49:45", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-2230"]}, {"type": "exploitdb", "idList": ["EDB-ID:27791"]}, {"type": "osvdb", "idList": ["OSVDB:25606"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1093.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1093-1:9E354"]}], "modified": "2017-07-24T12:49:45", "rev": 2}, "vulnersScore": 5.8}, "id": "OPENVAS:56922", "title": "Debian Security Advisory DSA 1093-1 (xine-ui)", "hash": "87829188c36ddb3294d4bffba27cfa4d0796ecef593a254c2d78bcad6c50f037", "edition": 2, "published": "2008-01-17T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:10:09", "bulletin": {"hash": "72ed1913242e452607e4ab6b5631bfe87945514ae2b67a65d473ec96f7bbc5a4", "viewCount": 0, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to xine-ui\nannounced via advisory DSA 1093-1.\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.", "hashmap": [{"key": "title", "hash": "3f8bfde188caeb561dcdd0b0db4ffbb8"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "pluginID", "hash": "d9687be677a820405d77009772535d9d"}, {"key": "reporter", "hash": "9ede898fe6a9cc1e1facbdf53679b23d"}, {"key": "modified", "hash": "843701789aea7d810604d0bba9313605"}, {"key": "cvelist", "hash": "ed107e5672747aaa6b50db0d429245a0"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "a23a894eb14d1454cd7683993bb06220"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "c826cf69e817d23d222d040a6e9d0b0e"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}, {"key": "sourceData", "hash": "fb59661050c2dd4f1ee05613945b2c34"}], "naslFamily": "Debian Local Security Checks", "modified": "2016-08-23T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=56922", "published": "2008-01-17T00:00:00", "enchantments": {}, "id": "OPENVAS:56922", "title": "Debian Security Advisory DSA 1093-1 (xine-ui)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1093_1.nasl 3873 2016-08-23 14:29:29Z teissa $\n# Description: Auto-generated from advisory DSA 1093-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your xine-ui package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201093-1\";\ntag_summary = \"The remote host is missing an update to xine-ui\nannounced via advisory DSA 1093-1.\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.\";\n\n\nif(description)\n{\n script_id(56922);\n script_version(\"$Revision: 3873 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-08-23 16:29:29 +0200 (Tue, 23 Aug 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2230\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1093-1 (xine-ui)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xine-ui\", ver:\"0.99.3-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvelist": ["CVE-2006-2230"], "lastseen": "2017-07-02T21:10:09", "pluginID": "56922"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvelist": ["CVE-2006-2230"], "lastseen": "2017-07-24T12:49:45", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1093_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1093-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your xine-ui package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201093-1\";\ntag_summary = \"The remote host is missing an update to xine-ui\nannounced via advisory DSA 1093-1.\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.\";\n\n\nif(description)\n{\n script_id(56922);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2230\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1093-1 (xine-ui)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xine-ui\", ver:\"0.99.3-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "56922"}

{"cve": [{"lastseen": "2019-05-29T18:08:32", "bulletinFamily": "NVD", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.", "modified": "2018-10-18T16:38:00", "id": "CVE-2006-2230", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2230", "published": "2006-05-05T19:02:00", "title": "CVE-2006-2230", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T06:44:38", "bulletinFamily": "exploit", "description": "Xine 0.99.x Filename Handling Remote Format String Vulnerability. CVE-2006-2230. Dos exploit for linux platform", "modified": "2006-05-01T00:00:00", "published": "2006-05-01T00:00:00", "id": "EDB-ID:27791", "href": "https://www.exploit-db.com/exploits/27791/", "type": "exploitdb", "title": "Xine 0.99.x Filename Handling Remote Format String Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/17769/info\r\n\r\nThe xine package is susceptible to a remote format-string vulnerability. \r\n\r\nThis issue arises when the application handles specially crafted filenames. An attacker can exploit this vulnerability by crafting a malicious filename that contains format specifiers and then coercing unsuspecting users to try to execute the affected application with the malicious filename as an argument.\r\n\r\nA successful attack may crash the application or lead to arbitrary code execution. \r\n\r\nVersion 0.99.4 of xine is vulnerable to this issue; other versions may also be affected.\r\n\r\nThe following command is sufficient to demonstrate this issue:\r\nxine %p-%p.mp3\r\n\r\nThis will result in a file-not-found dialog being displayed. The dialog will report that the file that was not found has a name similar to '0x811ac8e-0xbe1fdabc.mp3'", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27791/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://xine.sourceforge.net/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0019.html\n[CVE-2006-2230](https://vulners.com/cve/CVE-2006-2230)\n", "modified": "2006-04-29T00:25:29", "published": "2006-04-29T00:25:29", "href": "https://vulners.com/osvdb/OSVDB:25606", "id": "OSVDB:25606", "title": "xine xiTK Multiple Format String", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-07-01T01:10:06", "bulletinFamily": "scanner", "description": "Several format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.", "modified": "2020-07-02T00:00:00", "id": "DEBIAN_DSA-1093.NASL", "href": "https://www.tenable.com/plugins/nessus/22635", "published": "2006-10-14T00:00:00", "title": "Debian DSA-1093-1 : xine - format string", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1093. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22635);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/08/02 13:32:19\");\n\n script_cve_id(\"CVE-2006-2230\");\n script_xref(name:\"DSA\", value:\"1093\");\n\n script_name(english:\"Debian DSA-1093-1 : xine - format string\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1093\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xine-ui package.\n\nThe old stable distribution (woody) is not affected by these problems.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"xine-ui\", reference:\"0.99.3-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:23:07", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1093-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJune 8th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xine-ui\nVulnerability : format string\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2006-2230\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your xine-ui package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1.dsc\n Size/MD5 checksum: 746 527be88be68d5710bf5e0a5b09ffc839\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1.diff.gz\n Size/MD5 checksum: 1288 64415eeb7634cc0dca6d7a44e7a8f404\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3.orig.tar.gz\n Size/MD5 checksum: 2610080 aa7805a93e511e3d67dc1bf09a71fcdd\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_alpha.deb\n Size/MD5 checksum: 1877496 56392abc6057d656c041bfbad49976ad\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_amd64.deb\n Size/MD5 checksum: 1766792 b093fcc76082ac6e95518f2ec9a27bd9\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_arm.deb\n Size/MD5 checksum: 1711066 856ce425a4db60d0d043b95ad0a7ec18\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_i386.deb\n Size/MD5 checksum: 1731748 5f971967308012850fecd3c9362cec9b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_ia64.deb\n Size/MD5 checksum: 2041594 6f37253dad654f31f5bd12c2109e5726\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_hppa.deb\n Size/MD5 checksum: 1682926 1ac6f7faa43469e805c01be3d8756a2b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_m68k.deb\n Size/MD5 checksum: 1588564 baea2fa096194f491dcf2438cfa489c7\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_mips.deb\n Size/MD5 checksum: 1762350 fbbaa304745c86021a0ffe463530a573\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_mipsel.deb\n Size/MD5 checksum: 1762594 6399a62f5e919c04333a2c5533e64cc0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_powerpc.deb\n Size/MD5 checksum: 1776176 387dfa9a66f0fa3e26e9d26b5cc3aed0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_s390.deb\n Size/MD5 checksum: 1742376 b41686f1d871c498d6f4185736317ff2\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_sparc.deb\n Size/MD5 checksum: 1761044 f37b88d9d0a99ee2a6be783e403d634c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2006-06-08T00:00:00", "published": "2006-06-08T00:00:00", "id": "DEBIAN:DSA-1093-1:9E354", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00179.html", "title": "[SECURITY] [DSA 1093-1] New xine-ui packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}