GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Jun 01, 2010 7:26 pm Post subject: [ GLSA 201006-04 ] xine-lib: User-assisted execution of arbi
Gentoo Linux Security Advisory
Title: xine-lib: User-assisted execution of arbitrary code (GLSA 201006-04)
Severity: normal
Exploitable: remote
Date: June 01, 2010
Bug(s): #234777, #249041, #260069, #265250
ID: 201006-04
Synopsis
Multiple vulnerabilities in xine-lib might result in the remote execution
of arbitrary code.
Background
xine-lib is the core library package for the xine media player, and
other players such as Amarok, Codeine/Dragon Player and Kaffeine.
Affected Packages
Package: media-libs/xine-lib
Vulnerable: < 1.1.16.3
Unaffected: >= 1.1.16.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been reported in xine-lib. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to play a specially crafted video
file or stream with a player using xine-lib, potentially resulting in
the execution of arbitrary code with the privileges of the user running
the application.
Workaround
There is no known workaround at this time.
Resolution
All xine-lib users should upgrade to an unaffected version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.16.3"
NOTE: This is a legacy GLSA. Updates for all affected architectures have
been available since April 10, 2009. It is likely that your system is
already no longer affected by this issue.
References
CVE-2008-3231
CVE-2008-5233
CVE-2008-5234
CVE-2008-5235
CVE-2008-5236
CVE-2008-5237
CVE-2008-5238
CVE-2008-5239
CVE-2008-5240
CVE-2008-5241
CVE-2008-5242
CVE-2008-5243
CVE-2008-5244
CVE-2008-5245
CVE-2008-5246
CVE-2008-5247
CVE-2008-5248
CVE-2009-0698
CVE-2009-1274
Last edited by GLSA on Sat Jul 27, 2013 4:29 am; edited 3 times in total