USN-295-1: xine-lib vulnerability

9 June 2006

xine-lib vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description


Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user’s privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
libxine-main1 - 1.1.1+ubuntu2-7.1
Ubuntu 5.10
libxine1c2 - 1.0.1-1ubuntu10.3
Ubuntu 5.04
libxine1 - 1.0-1ubuntu3.7

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the necessary changes. XXX OR XXX After a standard system upgrade you need to reboot your computer to effect the necessary changes.