USN-123-1: Xine library vulnerabilities

6 May 2005

xine-lib vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user to connect to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute arbitrary code with the privileges of the player application.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
libxine1
Ubuntu 4.10
libxine1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References