GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Apr 26, 2005 9:04 pm Post subject: [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabiliti |
|
|
Gentoo Linux Security Advisory
Title: xine-lib: Two heap overflow vulnerabilities (GLSA 200504-27)
Severity: normal
Exploitable: remote
Date: April 26, 2005
Bug(s): #89976
ID: 200504-27
Synopsis
Two vulnerabilities have been found in xine-lib which could lead to the
remote execution of arbitrary code.
Background
xine-lib is a multimedia library which can be utilized to create
multimedia frontends.
Affected Packages
Package: media-libs/xine-lib
Vulnerable: < 1.0-r2
Unaffected: >= 1.0-r2
Unaffected: >= 1_rc6-r2 < 12
Architectures: All supported architectures
Description
Heap overflows have been found in the code handling RealMedia RTSP
and Microsoft Media Services streams over TCP (MMST).
Impact
By setting up a malicious server and enticing a user to use its
streaming data, a remote attacker could possibly execute arbitrary code
on the client computer with the permissions of the user running any
multimedia frontend making use of the xine-lib library.
Workaround
There is no known workaround at this time.
Resolution
All xine-lib users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib |
References
Xine Advisory XSA-2004-8
Last edited by GLSA on Sat Nov 24, 2012 4:19 am; edited 3 times in total |
|