[Frugalware-security] [ FSA-438 ] xine-lib
Miklos Vajna
vmiklos at frugalware.org
Mon May 5 14:36:33 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-438
Date: 2008-05-05
Package: xine-lib
Vulnerable versions: <= 1.1.11-1kalgan2
Unaffected versions: >= 1.1.11-1kalgan3
Related bugreport: http://bugs.frugalware.org/task/3027
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
Description
===========
Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "demux_nsf_send_chunk()" function in src/demuxers/demux_nsf.c. This can be exploited to cause a stack-based buffer overflow via an overly long NSF title.
Updated Packages
================
Check if you have xine-lib installed:
# pacman-g2 -Q xine-lib
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy xine-lib
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/438
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAkge/1EACgkQZ7NElSD1Vhny9gCdFBu7ZG7JlQqqGcSxb6JoTyi+
8NoAnifOAs3U61OeFTavXZxlJYorq+Yd
=DmGq
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list