GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Apr 26, 2006 5:26 pm Post subject: [ GLSA 200604-15 ] xine-ui: Format string vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: xine-ui: Format string vulnerabilities (GLSA 200604-15)
Severity: normal
Exploitable: remote
Date: April 26, 2006
Bug(s): #130801
ID: 200604-15
Synopsis
Format string vulnerabilities in xine-ui may lead to the execution of arbitrary code.
Background
xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats.
Affected Packages
Package: media-video/xine-ui
Vulnerable: < 0.99.4-r5
Unaffected: >= 0.99.4-r5
Architectures: All supported architectures
Description
Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing.
Impact
By constructing a malicious playlist file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All xine-ui users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.4-r5" |
References
CVE-2006-1905
Last edited by GLSA on Wed Nov 14, 2007 4:18 am; edited 3 times in total |
|
News & Announcements
