USN-42-1: Xine library vulnerabilities

21 December 2004

xine-lib vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Several buffer overflows have been discovered in xine-lib, the video/audio codec library for Xine frontends (xine-ui, totem-xine, kaffeine, and others). If an attacker tricked a user into loading a malicious RTSP stream or a stream with specially crafted AIFF audio or PNM image data, they could exploit this to execute arbitrary code with the privileges of the user opening the audio/video file.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libxine1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References