[Frugalware-security] [ FSA-417 ] xine-lib
Miklos Vajna
vmiklos at frugalware.org
Mon Apr 14 15:49:55 CEST 2008
Frugalware Security Advisory FSA-417
Date: 2008-04-14
Package: xine-lib
Vulnerable versions: <= 1.1.11-1kalgan1
Unaffected versions: >= 1.1.11-1kalgan2
Related bugreport: http://bugs.frugalware.org/task/2892
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
Description
===========
Luigi Auriemma has reported some vulnerabilities in xine-lib, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by integer overflow errors when allocating memory in src/demuxers/demux_flv.c, src/demuxers/demux_qt.c, src/demuxers/demux_real.c, src/demuxers/demux_wc3movie.c, src/demuxers/ebml.c, and src/demuxers/demux_film.c. These can be exploited to cause heap-based buffer overflows via overly large fields included in, e.g., FLV, MOV, RM, MVE, MKV, and CAK files.
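The bug class described above, as an added example that is not code from xine-lib or from this advisory: a size computed from an attacker-controlled count field wraps in 32 bits, and a parser that validates the count against the data actually present rejects the file. The table layout and the names `entry_t`, `ENTRY_WIRE_SIZE`, `be32`, `table_bytes_unchecked` and `parse_table` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ENTRY_WIRE_SIZE 12u  /* hypothetical on-disk size of one index entry */

typedef struct { uint32_t offset, size, pts; } entry_t;  /* hypothetical layout */

/* Read a big-endian 32-bit field from the input buffer. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The flawed pattern: a 32-bit multiply that silently wraps for large counts,
 * so the buffer allocated from it is far smaller than the loop that fills it. */
uint32_t table_bytes_unchecked(uint32_t count) {
    return count * ENTRY_WIRE_SIZE;
}

/* Hardened parse of [count:be32][count * 12-byte entries].
 * Returns NULL for input whose count field the data cannot back. */
entry_t *parse_table(const uint8_t *buf, size_t len, uint32_t *out_count) {
    if (len < 4) return NULL;
    uint32_t count = be32(buf);
    size_t avail = len - 4;
    /* Divide instead of multiplying, so the check itself cannot overflow. */
    if (count == 0 || count > avail / ENTRY_WIRE_SIZE) return NULL;
    entry_t *t = calloc(count, sizeof *t);  /* modern calloc checks count*size */
    if (t == NULL) return NULL;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *p = buf + 4 + (size_t)i * ENTRY_WIRE_SIZE;
        t[i].offset = be32(p);
        t[i].size   = be32(p + 4);
        t[i].pts    = be32(p + 8);
    }
    *out_count = count;
    return t;
}

int main(void) {
    /* Constructed input: count field 0x15555556 followed by one empty entry. */
    const uint8_t bad[16] = { 0x15, 0x55, 0x55, 0x56 };
    uint32_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)table_bytes_unchecked(0x15555556u));
    printf("hardened parse: %s\n", parse_table(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```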
Updated Packages
================
Check if you have xine-lib installed:
# pacman-g2 -Q xine-lib
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy xine-lib
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/417