USN-295-1: xine-lib vulnerability
9 June 2006
xine-lib vulnerability
Releases
Details
Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking an user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 6.06
-
libxine-main1
-
1.1.1+ubuntu2-7.1
Ubuntu 5.10
-
libxine1c2
-
1.0.1-1ubuntu10.3
Ubuntu 5.04
-
libxine1
-
1.0-1ubuntu3.7
In general, a standard system upgrade is sufficient to effect the
necessary changes.
XXX OR XXX
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.